Asciidoc: Review login-utils man pages

Mario Blättermann 2021-03-24 20:01:34 +01:00
parent 299604dd0b
commit 62fde24f47
12 changed files with 220 additions and 262 deletions

View File

@ -35,38 +35,36 @@ In interactive mode, *chfn* will prompt for each field. At a prompt, you can ent
== OPTIONS
*-f*, *--full-name* _full-name_::
Specify your real name.
Specify your real name.
*-o*, *--office* _office_::
Specify your office room number.
Specify your office room number.
*-p*, *--office-phone* _office-phone_::
Specify your office phone number.
Specify your office phone number.
*-h*, *--home-phone* _home-phone_::
Specify your home phone number.
Specify your home phone number.
*-u*, *--help*::
Display help text and exit.
Display help text and exit.
*-v*, *--version*::
Display version information and exit.
Display version information and exit.
== CONFIG FILE ITEMS
*chfn* reads the _/etc/login.defs_ configuration file (see *login.defs*(5)). Note that the configuration file could be distributed with another package (e.g., shadow-utils). The following configuration items are relevant for *chfn*:
*CHFN_RESTRICT* _string_
*CHFN_RESTRICT* _string_::
____
Indicate which fields are changeable by *chfn*.
+
The boolean setting *"yes"* means that only the Office, Office Phone and Home Phone fields are changeable, and boolean setting *"no"* means that also the Full Name is changeable.
+
Another way to specify changeable fields is by abbreviations: f = Full Name, r = Office (room), w = Office (work) Phone, h = Home Phone. For example, *CHFN_RESTRICT "wh"* allows changing work and home phone numbers.
+
If *CHFN_RESTRICT* is undefined, then all finger information is read-only. This is the default.
____
== EXIT STATUS
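Review bot: The CHFN_RESTRICT description still reads awkwardly in its second paragraph: `and boolean setting *"no"* means that also the Full Name is changeable`. Since this pass is a language review, consider "and the boolean setting *"no"* means that the Full Name is changeable as well", so that the yes/no pair is parallel and it is clear that "no" is the wider setting.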

View File

@ -31,16 +31,16 @@ chsh - change your login shell
== OPTIONS
*-s*, *--shell* _shell_::
Specify your login shell.
Specify your login shell.
*-l*, *--list-shells*::
Print the list of shells listed in _/etc/shells_ and exit.
Print the list of shells listed in _/etc/shells_ and exit.
*-h*, *--help*::
Display help text and exit.
Display help text and exit.
*-v*, *--version*::
Display version information and exit.
Display version information and exit.
== VALID SHELLS

View File

@ -46,43 +46,43 @@ The pseudo user *reboot* logs in each time the system is rebooted. Thus *last re
== OPTIONS
*-a*, *--hostlast*::
Display the hostname in the last column. Useful in combination with the *--dns* option.
Display the hostname in the last column. Useful in combination with the *--dns* option.
*-d*, *--dns*::
For non-local logins, Linux stores not only the host name of the remote host, but its IP number as well. This option translates the IP number back into a hostname.
For non-local logins, Linux stores not only the host name of the remote host, but its IP number as well. This option translates the IP number back into a hostname.
*-f*, *--file* _file_::
Tell *last* to use a specific _file_ instead of _/var/log/wtmp_. The *--file* option can be given multiple times, and all of the specified files will be processed.
Tell *last* to use a specific _file_ instead of _/var/log/wtmp_. The *--file* option can be given multiple times, and all of the specified files will be processed.
*-F*, *--fulltimes*::
Print full login and logout times and dates.
Print full login and logout times and dates.
*-i*, *--ip*::
Like *--dns ,* but displays the host's IP number instead of the name.
Like *--dns ,* but displays the host's IP number instead of the name.
**-**__number__; *-n*, *--limit* _number_::
Tell *last* how many lines to show.
Tell *last* how many lines to show.
*-p*, *--present* _time_::
Display the users who were present at the specified time. This is like using the options *--since* and *--until* together with the same _time_.
Display the users who were present at the specified time. This is like using the options *--since* and *--until* together with the same _time_.
*-R*, *--nohostname*::
Suppresses the display of the hostname field.
Suppresses the display of the hostname field.
*-s*, *--since* _time_::
Display the state of logins since the specified _time_. This is useful, e.g., to easily determine who was logged in at a particular time. The option is often combined with *--until*.
Display the state of logins since the specified _time_. This is useful, e.g., to easily determine who was logged in at a particular time. The option is often combined with *--until*.
*-t*, *--until* _time_::
Display the state of logins until the specified _time_.
Display the state of logins until the specified _time_.
*--time-format* _format_::
Define the output timestamp _format_ to be one of _notime_, _short_, _full_, or _iso_. The _notime_ variant will not print any timestamps at all, _short_ is the default, and _full_ is the same as the *--fulltimes* option. The _iso_ variant will display the timestamp in ISO-8601 format. The ISO format contains timezone information, making it preferable when printouts are investigated outside of the system.
Define the output timestamp _format_ to be one of _notime_, _short_, _full_, or _iso_. The _notime_ variant will not print any timestamps at all, _short_ is the default, and _full_ is the same as the *--fulltimes* option. The _iso_ variant will display the timestamp in ISO-8601 format. The ISO format contains timezone information, making it preferable when printouts are investigated outside of the system.
*-w*, *--fullnames*::
Display full user names and domain names in the output.
Display full user names and domain names in the output.
*-x*, *--system*::
Display the system shutdown entries and run level changes.
Display the system shutdown entries and run level changes.
== TIME FORMATS
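Review bot: The *--ip* entry keeps the broken markup `Like *--dns ,* but` on both the old and the new line: the space and the comma sit inside the bold span. It should read `Like *--dns*, but displays ...`, so that only the option name is bold and the comma follows it directly.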
@ -106,12 +106,12 @@ The options that take the _time_ argument understand the following formats:
== FILES
_/var/log/wtmp_ +
_/var/log/wtmp_,
_/var/log/btmp_
== NOTES
The files _wtmp_ and _btmp_ might not be found. The system only logs information in these files if they are present. This is a local configuration issue. If you want the files to be used, they can be created with a simple *touch*(1) command (for example, _touch /var/log/wtmp_).
The files _wtmp_ and _btmp_ might not be found. The system only logs information in these files if they are present. This is a local configuration issue. If you want the files to be used, they can be created with a simple *touch*(1) command (for example, *touch /var/log/wtmp*).
== AUTHORS
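Review bot: The NOTES paragraph tells the reader to create _wtmp_ and _btmp_ with a plain *touch*(1), but it does not say which owner and mode the files should have, and the example covers only _wtmp_. Since the sentence is being edited anyway, consider adding the expected ownership and permissions for both files, or a pointer to where they are documented.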

View File

@ -37,147 +37,117 @@ If the file _.hushlogin_ exists, then a "quiet" login is performed. This disable
== OPTIONS
*-p*::
Used by *getty*(8) to tell *login* to preserve the environment.
Used by *getty*(8) to tell *login* to preserve the environment.
*-f*::
Used to skip a login authentication. This option is usually used by the *getty*(8) autologin feature.
Used to skip a login authentication. This option is usually used by the *getty*(8) autologin feature.
*-h*::
Used by other servers (such as *telnetd*(8) to pass the name of the remote host to *login* so that it can be placed in utmp and wtmp. Only the superuser is allowed use this option. +
{nbsp} +
Note that the *-h* option has an impact on the *PAM service* *name*. The standard service name is _login_, but with the *-h* option, the name is _remote_. It is necessary to create proper PAM config files (for example, _/etc/pam.d/login_ and _/etc/pam.d/remote_).
Used by other servers (such as *telnetd*(8) to pass the name of the remote host to *login* so that it can be placed in utmp and wtmp. Only the superuser is allowed use this option.
+
Note that the *-h* option has an impact on the *PAM service* *name*. The standard service name is _login_, but with the *-h* option, the name is _remote_. It is necessary to create proper PAM config files (for example, _/etc/pam.d/login_ and _/etc/pam.d/remote_).
*-H*::
Used by other servers (for example, *telnetd*(8)) to tell *login* that printing the hostname should be suppressed in the login: prompt. See also *LOGIN_PLAIN_PROMPT* below.
Used by other servers (for example, *telnetd*(8)) to tell *login* that printing the hostname should be suppressed in the login: prompt. See also *LOGIN_PLAIN_PROMPT* below.
*--help*::
Display help text and exit.
Display help text and exit.
*-V*, *--version*::
Display version information and exit.
Display version information and exit.
== CONFIG FILE ITEMS
*login* reads the _/etc/login.defs_ configuration file (see login.defs(5)). Note that the configuration file could be distributed with another package (usually shadow-utils). The following configuration items are relevant for *login*:
*MOTD_FILE* (string)
____
*MOTD_FILE* (string)::
Specifies a ":" delimited list of "message of the day" files and directories to be displayed upon login. If the specified path is a directory then displays all files with .motd file extension in version-sort order from the directory.
+
The default value is _/usr/share/misc/motd:/run/motd:/etc/motd_. If the *MOTD_FILE* item is empty or a quiet login is enabled, then the message of the day is not displayed. Note that the same functionality is also provided by the *pam_motd*(8) PAM module.
+
The directories in the *MOTD_FILE* are supported since version 2.36.
+
Note that *login* does not implement any filenames overriding behavior like pam_motd (see also *MOTD_FIRSTONLY*), but all content from all files is displayed. It is recommended to keep extra logic in content generators and use _/run/motd.d_ rather than rely on overriding behavior hardcoded in system tools.
____
*MOTD_FIRSTONLY* (boolean)
*MOTD_FIRSTONLY* (boolean)::
____
Forces *login* to stop display content specified by *MOTD_FILE* after the first accessible item in the list. Note that a directory is one item in this case. This option allows *login* semantics to be configured to be more compatible with pam_motd. The default value is _no_.
____
*LOGIN_PLAIN_PROMPT* (boolean)
*LOGIN_PLAIN_PROMPT* (boolean)::
____
Tell *login* that printing the hostname should be suppressed in the login: prompt. This is an alternative to the *-H* command line option. The default value is _no_.
____
*LOGIN_TIMEOUT* (number)
*LOGIN_TIMEOUT* (number)::
____
Maximum time in seconds for login. The default value is _60_.
____
*LOGIN_RETRIES* (number)
*LOGIN_RETRIES* (number)::
____
Maximum number of login retries in case of a bad password. The default value is _3_.
____
*LOGIN_KEEP_USERNAME* (boolean)
*LOGIN_KEEP_USERNAME* (boolean)::
____
Tell *login* to only re-prompt for the password if authentication failed, but the username is valid. The default value is _no_.
____
*FAIL_DELAY* (number)
*FAIL_DELAY* (number)::
____
Delay in seconds before being allowed another three tries after a login failure. The default value is _5_.
____
*TTYPERM* (string)
*TTYPERM* (string)::
____
The terminal permissions. The default value is _0600_ or _0620_ if tty group is used.
____
*TTYGROUP* (string)
*TTYGROUP* (string)::
____
The login tty will be owned by the *TTYGROUP*. The default value is _tty_. If the *TTYGROUP* does not exist, then the ownership of the terminal is set to the user´s primary group.
+
The *TTYGROUP* can be either the name of a group or a numeric group identifier.
____
*HUSHLOGIN_FILE* (string)
*HUSHLOGIN_FILE* (string)::
____
If defined, this file can inhibit all the usual chatter during the login sequence. If a full pathname (for example, _/etc/hushlogins_) is specified, then hushed mode will be enabled if the user´s name or shell are found in the file. If this global hush login file is empty then the hushed mode will be enabled for all users.
+
If a full pathname is not specified, then hushed mode will be enabled if the file exists in the user´s home directory.
+
The default is to check _/etc/hushlogins_ and if it does not exist then _~/.hushlogin_.
+
If the *HUSHLOGIN_FILE* item is empty, then all the checks are disabled.
____
*DEFAULT_HOME* (boolean)
*DEFAULT_HOME* (boolean)::
____
Indicate if login is allowed if we cannot change directory to the home directory. If set to _yes_, the user will login in the root (/) directory if it is not possible to change directory to their home. The default value is _yes_.
____
*LASTLOG_UID_MAX* (unsigned number)
*LASTLOG_UID_MAX* (unsigned number)::
____
Highest user ID number for which the _lastlog_ entries should be updated. As higher user IDs are usually tracked by remote user identity and authentication services there is no need to create a huge sparse _lastlog_ file for them. No LASTLOG_UID_MAX option present in the configuration means that there is no user ID limit for writing _lastlog_ entries. The default value is _ULONG_MAX_.
____
*LOG_UNKFAIL_ENAB* (boolean)
*LOG_UNKFAIL_ENAB* (boolean)::
____
Enable display of unknown usernames when login failures are recorded. The default value is _no_.
+
Note that logging unknown usernames may be a security issue if a user enters their password instead of their login name.
____
*ENV_PATH* (string)
*ENV_PATH* (string)::
____
If set, it will be used to define the *PATH* environment variable when a regular user logs in. The default value is _/usr/local/bin:/bin:/usr/bin_.
____
*ENV_ROOTPATH* (string) *ENV_SUPATH* (string)
*ENV_ROOTPATH* (string)::
*ENV_SUPATH* (string)::
____
If set, it will be used to define the PATH environment variable when the superuser logs in. *ENV_ROOTPATH* takes precedence. The default value is _/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin_.
____
== FILES
_/var/run/utmp_ +
_/var/log/wtmp_ +
_/var/log/lastlog_ +
_/var/spool/mail/*_ +
_/etc/motd_ +
_/etc/passwd_ +
_/etc/nologin_ +
_/etc/pam.d/login_ +
_/etc/pam.d/remote_ +
_/etc/hushlogins_ +
_/var/run/utmp_,
_/var/log/wtmp_,
_/var/log/lastlog_,
_/var/spool/mail/*_,
_/etc/motd_,
_/etc/passwd_,
_/etc/nologin_,
_/etc/pam.d/login_,
_/etc/pam.d/remote_,
_/etc/hushlogins_,
_$HOME/.hushlogin_
== BUGS
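Review bot: The *-h* entry carries two defects over unchanged into the new line: `(such as *telnetd*(8) to pass` never closes its parenthesis, and `Only the superuser is allowed use this option` is missing "to". The *-H* entry just below already has the balanced form `(for example, *telnetd*(8))`, so the same fix applies here. In TTYGROUP and HUSHLOGIN_FILE, `user´s` uses an acute accent where an apostrophe is meant; replace it with `user's`.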

View File

@ -14,7 +14,7 @@ lslogins - display information about known users in the system
== SYNOPSIS
*lslogins* [options] [*-s*|*-u*[**=**_UID_]] [*-g* _groups_] [*-l* _logins_] [_username_]
*lslogins* [options] [*-s*|*-u*[=_UID_]] [*-g* _groups_] [*-l* _logins_] [_username_]
== DESCRIPTION
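Review bot: The SYNOPSIS line documents `*-u*[=_UID_]`, but the OPTIONS section of the same page lists `*-u*, *--user-accs*::` with no argument and describes no UID parameter. Either drop `[=_UID_]` from the synopsis or document the argument under *-u*; removing the bold from the equals sign alone leaves the two sections in disagreement.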
@ -29,92 +29,92 @@ The default action is to list info about all the users in the system.
Mandatory arguments to long options are mandatory for short options too.
*-a*, *--acc-expiration*::
Display data about the date of last password change and the account expiration date (see *shadow*(5) for more info). (Requires root privileges.)
Display data about the date of last password change and the account expiration date (see *shadow*(5) for more info). (Requires root privileges.)
*--btmp-file* __path__****::
Alternate path for btmp.
*--btmp-file* _path_::
Alternate path for btmp.
*-c*, *--colon-separate*::
Separate info about each user with a colon instead of a newline.
Separate info about each user with a colon instead of a newline.
*-e*, *--export*::
Output data in the format of NAME=VALUE.
Output data in the format of NAME=VALUE.
*-f*, *--failed*::
Display data about the users' last failed login attempts.
Display data about the users' last failed login attempts.
*-G*, *--supp-groups*::
Show information about supplementary groups.
Show information about supplementary groups.
*-g*, **--groups**=_groups_::
Only show data of users belonging to _groups_. More than one group may be specified; the list has to be comma-separated. Unknown group names are ignored. +
{nbsp} +
Note that relation between user and group may be invisible for primary group if the user is not explicitly specify as group member (e.g., in _/etc/group_). If the command *lslogins* scans for groups than it uses groups database only, and user database with primary GID is not used at all.
Only show data of users belonging to _groups_. More than one group may be specified; the list has to be comma-separated. Unknown group names are ignored.
+
Note that relation between user and group may be invisible for primary group if the user is not explicitly specify as group member (e.g., in _/etc/group_). If the command *lslogins* scans for groups than it uses groups database only, and user database with primary GID is not used at all.
*-h*, *--help*::
Display help information and exit.
Display help information and exit.
*-L*, *--last*::
Display data containing information about the users' last login sessions.
Display data containing information about the users' last login sessions.
*-l*, **--logins**=_logins_::
Only show data of users with a login specified in _logins_ (user names or user IDS). More than one login may be specified; the list has to be comma-separated. Unknown login names are ignored.
Only show data of users with a login specified in _logins_ (user names or user IDS). More than one login may be specified; the list has to be comma-separated. Unknown login names are ignored.
*-n*, *--newline*::
Display each piece of information on a separate line.
Display each piece of information on a separate line.
*--noheadings*::
Do not print a header line.
Do not print a header line.
*--notruncate*::
Don't truncate output.
Don't truncate output.
*-o*, *--output* _list_::
Specify which output columns to print. The default list of columns may be extended if _list_ is specified in the format _+list_.
Specify which output columns to print. The default list of columns may be extended if _list_ is specified in the format _+list_.
*--output-all*::
Output all available columns. *--help* to get a list of all supported columns.
Output all available columns. *--help* to get a list of all supported columns.
*-p*, *--pwd*::
Display information related to login by password (see also *-afL).*
Display information related to login by password (see also *-afL).*
*-r*, *--raw*::
Raw output (no columnation).
Raw output (no columnation).
*-s*, *--system-accs*::
Show system accounts.  These are by default all accounts with a UID between 101 and 999 (inclusive), with the exception of either nobody or nfsnobody (UID 65534). This hardcoded default may be overwritten by parameters SYS_UID_MIN and SYS_UID_MAX in the file _/etc/login.defs_.
Show system accounts.  These are by default all accounts with a UID between 101 and 999 (inclusive), with the exception of either nobody or nfsnobody (UID 65534). This hardcoded default may be overwritten by parameters SYS_UID_MIN and SYS_UID_MAX in the file _/etc/login.defs_.
*--time-format* _type_::
Display dates in short, full or iso format. The default is short, this time format is designed to be space efficient and human readable.
Display dates in short, full or iso format. The default is short, this time format is designed to be space efficient and human readable.
*-u*, *--user-accs*::
Show user accounts. These are by default all accounts with UID above 1000 (inclusive), with the exception of either nobody or nfsnobody (UID 65534). This hardcoded default maybe overwritten by parameters UID_MIN and UID_MAX in the file _/etc/login.defs_.
Show user accounts. These are by default all accounts with UID above 1000 (inclusive), with the exception of either nobody or nfsnobody (UID 65534). This hardcoded default maybe overwritten by parameters UID_MIN and UID_MAX in the file _/etc/login.defs_.
*-V*, *--version*::
Display version information and exit.
Display version information and exit.
*--wtmp-file* _path_::
Alternate path for wtmp.
Alternate path for wtmp.
*--lastlog* _path_::
Alternate path for lastlog.
Alternate path for *lastlog*(8).
*-Z*, *--context*::
Display the users' security context.
Display the users' security context.
*-z*, *--print0*::
Delimit user entries with a nul character, instead of a newline.
Delimit user entries with a nul character, instead of a newline.
== EXIT STATUS
0::
if OK,
if OK,
1::
if incorrect arguments specified,
if incorrect arguments specified,
2::
if a serious error occurs (e.g., a corrupt log).
if a serious error occurs (e.g., a corrupt log).
== NOTES
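Review bot: The new *--lastlog* description, `Alternate path for *lastlog*(8).`, turns a file name into a reference to a section 8 manual page, while the option takes a path and the sibling entries stay `Alternate path for wtmp.` and `Alternate path for btmp.` Keep it as the file (`_lastlog_`, as the login page writes it) and, if wanted, add the manual page as a separate "see" reference. Several typos also survive in this hunk: "is not explicitly specify as group member", "scans for groups than it uses", "user IDS", "maybe overwritten", and the bold span in `(see also *-afL).*` closes after the parenthesis and period.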
@ -126,7 +126,7 @@ The *lslogins* utility is inspired by the *logins* utility, which first appeared
== AUTHORS
mailto:ooprala@redhat.com[Ondrej Oprala] +
mailto:ooprala@redhat.com[Ondrej Oprala],
mailto:kzak@redhat.com[Karel Zak]
== SEE ALSO

View File

@ -24,7 +24,7 @@ If no group is specified, the GID is changed to the login GID.
== FILES
_/etc/group_ +
_/etc/group_,
_/etc/passwd_
== AUTHORS

View File

@ -24,25 +24,35 @@ The exit status returned by *nologin* is always 1.
== OPTIONS
*-c*, *--command* _command_ +
*--init-file* +
*-i* *--interactive* +
*--init-file* _file_ +
*-i*, *--interactive* +
*-l*, *--login* +
*--noprofile* +
*--norc* +
*--posix* +
*--rcfile* _file_ +
*-c*, *--command* _command_
*--init-file*
*-i* *--interactive*
*--init-file* _file_
*-i*, *--interactive*
*-l*, *--login*
*--noprofile*
*--norc*
*--posix*
*--rcfile* _file_
*-r*, *--restricted*
These shell command-line options are ignored to avoid *nologin* error.
*-h*, *--help*::
Display help text and exit.
Display help text and exit.
*-V*, *--version*::
Display version information and exit.
Display version information and exit.
== NOTES
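Review bot: As rendered here the ignored-options list shows both the uncorrected entries (`*--init-file*` without its _file_ argument, `*-i* *--interactive*` without the comma) and the corrected ones (`*--init-file* _file_`, `*-i*, *--interactive*`), once with trailing ` +` and once without. Please confirm that the resulting page has a single list with only the corrected forms, and that the entries without ` +` are separated so they do not fold into one paragraph. The closing sentence would also read better as "ignored to avoid a *nologin* error".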

View File

@ -31,76 +31,68 @@ Note that *runuser* in all cases use PAM (pam_getenvlist()) to do the final envi
== OPTIONS
*-c*, *--command*=_command_::
Pass _command_ to the shell with the *-c* option.
Pass _command_ to the shell with the *-c* option.
*-f*, *--fast*::
Pass *-f* to the shell, which may or may not be useful, depending on the shell.
Pass *-f* to the shell, which may or may not be useful, depending on the shell.
*-g*, *--group*=_group_::
The primary group to be used. This option is allowed for the root user only.
The primary group to be used. This option is allowed for the root user only.
*-G*, *--supp-group*=_group_::
Specify a supplementary group. This option is available to the root user only. The first specified supplementary group is also used as a primary group if the option *--group* is not specified.
Specify a supplementary group. This option is available to the root user only. The first specified supplementary group is also used as a primary group if the option *--group* is not specified.
*-*, *-l*, *--login*::
Start the shell as a login shell with an environment similar to a real login: +
{nbsp} +
* clears all the environment variables except for *TERM* and variables specified by *--whitelist-environment*
* initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*
* changes to the target user's home directory
* sets argv[0] of the shell to '*-*' in order to make the shell a login shell
Start the shell as a login shell with an environment similar to a real login:
+
* clears all the environment variables except for *TERM* and variables specified by *--whitelist-environment*
* initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*
* changes to the target user's home directory
* sets argv[0] of the shell to '*-*' in order to make the shell a login shell
*-P*, *--pty*::
Create a pseudo-terminal for the session. The independent terminal provides better security as the user does not share a terminal with the original session. This can be used to avoid TIOCSTI ioctl terminal injection and other security attacks against terminal file descriptors. The entire session can also be moved to the background (e.g., *runuser --pty -u username -- command &*). If the pseudo-terminal is enabled, then *runuser* works as a proxy between the sessions (copy stdin and stdout). +
{nbsp} +
This feature is mostly designed for interactive sessions. If the standard input is not a terminal, but for example a pipe (e.g., *echo "date" | runuser --pty -u user*), then the ECHO flag for the pseudo-terminal is disabled to avoid messy output.
Create a pseudo-terminal for the session. The independent terminal provides better security as the user does not share a terminal with the original session. This can be used to avoid TIOCSTI ioctl terminal injection and other security attacks against terminal file descriptors. The entire session can also be moved to the background (e.g., *runuser --pty -u username -- command &*). If the pseudo-terminal is enabled, then *runuser* works as a proxy between the sessions (copy stdin and stdout).
+
This feature is mostly designed for interactive sessions. If the standard input is not a terminal, but for example a pipe (e.g., *echo "date" | runuser --pty -u user*), then the ECHO flag for the pseudo-terminal is disabled to avoid messy output.
*-m*, *-p*, *--preserve-environment*::
Preserve the entire environment, i.e., do not set *HOME*, *SHELL*, *USER* or *LOGNAME*. The option is ignored if the option *--login* is specified.
Preserve the entire environment, i.e., do not set *HOME*, *SHELL*, *USER* or *LOGNAME*. The option is ignored if the option *--login* is specified.
*-s*, *--shell*=_shell_::
Run the specified _shell_ instead of the default. The shell to run is selected according to the following rules, in order: +
{nbsp} +
* the shell specified with *--shell*
* the shell specified in the environment variable *SHELL* if the *--preserve-environment* option is used
* the shell listed in the passwd entry of the target user
* /bin/sh +
{nbsp} +
If the target user has a restricted shell (i.e., not listed in _/etc/shells_), then the *--shell* option and the *SHELL* environment variables are ignored unless the calling user is root.
Run the specified _shell_ instead of the default. The shell to run is selected according to the following rules, in order:
* the shell specified with *--shell*
* the shell specified in the environment variable *SHELL* if the *--preserve-environment* option is used
* the shell listed in the passwd entry of the target user
* /bin/sh
+
If the target user has a restricted shell (i.e., not listed in _/etc/shells_), then the *--shell* option and the *SHELL* environment variables are ignored unless the calling user is root.
**--session-command=**__command__::
Same as *-c*, but do not create a new session. (Discouraged.)
Same as *-c*, but do not create a new session. (Discouraged.)
*-w*, *--whitelist-environment*=_list_::
Don't reset the environment variables specified in the comma-separated _list_ when clearing the environment for *--login*. The whitelist is ignored for the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*.
Don't reset the environment variables specified in the comma-separated _list_ when clearing the environment for *--login*. The whitelist is ignored for the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*.
*-V*, *--version*::
Display version information and exit.
Display version information and exit.
*-h*, *--help*::
Display help text and exit.
Display help text and exit.
== CONFIG FILES
*runuser* reads the _/etc/default/runuser_ and _/etc/login.defs_ configuration files. The following configuration items are relevant for *runuser*:
*ENV_PATH* (string)
____
*ENV_PATH* (string)::
Defines the PATH environment variable for a regular user. The default value is _/usr/local/bin:/bin:/usr/bin_.
____
*ENV_ROOTPATH* (string) *ENV_SUPATH* (string)
____
*ENV_ROOTPATH* (string)::
*ENV_SUPATH* (string)::
Defines the *PATH* environment variable for root. *ENV_SUPATH* takes precedence. The default value is _/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin_.
____
*ALWAYS_SET_PATH* (boolean)
____
*ALWAYS_SET_PATH* (boolean)::
If set to _yes_ and --login and --preserve-environment were not specified *runuser* initializes *PATH*.
____
The environment variable *PATH* may be different on systems where _/bin_ and _/sbin_ are merged into _/usr_; this variable is also affected by the *--login* command-line option and the PAM system setting (e.g., *pam_env*(8)).
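Review bot: The ENV_ROOTPATH/ENV_SUPATH entry says `*ENV_SUPATH* takes precedence`, while the login page in this same commit says `*ENV_ROOTPATH* takes precedence` for the same pair of login.defs items. Which variable wins decides the PATH that root gets, so please check each statement against the respective code and state explicitly if the two tools really differ. In ALWAYS_SET_PATH, `--login` and `--preserve-environment` are the only option names in the hunk without bold markup, and a comma is missing before "*runuser* initializes".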
@ -110,28 +102,27 @@ The environment variable *PATH* may be different on systems where _/bin_ and _/s
Exit status generated by *runuser* itself:
____
1::
Generic error before executing the requested command
Generic error before executing the requested command
126::
The requested command could not be executed
The requested command could not be executed
127::
The requested command was not found
____
The requested command was not found
== FILES
_/etc/pam.d/runuser_::
default PAM configuration file
default PAM configuration file
_/etc/pam.d/runuser-l_::
PAM configuration file if *--login* is specified
PAM configuration file if *--login* is specified
_/etc/default/runuser_::
runuser specific logindef config file
runuser specific logindef config file
_/etc/login.defs_::
global logindef config file
global logindef config file
== HISTORY

View File

@ -31,54 +31,54 @@ Note that *su* in all cases uses PAM (*pam_getenvlist*(3)) to do the final envir
== OPTIONS
*-c*, **--command**=__command__::
Pass _command_ to the shell with the *-c* option.
Pass _command_ to the shell with the *-c* option.
*-f*, *--fast*::
Pass *-f* to the shell, which may or may not be useful, depending on the shell.
Pass *-f* to the shell, which may or may not be useful, depending on the shell.
*-g*, **--group**=__group__::
Specify the primary group. This option is available to the root user only.
Specify the primary group. This option is available to the root user only.
*-G*, **--supp-group**=__group__::
Specify a supplementary group. This option is available to the root user only. The first specified supplementary group is also used as a primary group if the option *--group* is not specified.
Specify a supplementary group. This option is available to the root user only. The first specified supplementary group is also used as a primary group if the option *--group* is not specified.
*-*, *-l*, *--login*::
Start the shell as a login shell with an environment similar to a real login: +
{nbsp} +
* clears all the environment variables except *TERM* and variables specified by *--whitelist-environment*
* initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*
* changes to the target user's home directory
* sets argv[0] of the shell to '*-*' in order to make the shell a login shell
Start the shell as a login shell with an environment similar to a real login:
* clears all the environment variables except *TERM* and variables specified by *--whitelist-environment*
* initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*
* changes to the target user's home directory
* sets argv[0] of the shell to '*-*' in order to make the shell a login shell
*-m*, *-p*, *--preserve-environment*::
Preserve the entire environment, i.e., do not set *HOME*, *SHELL*, *USER* or *LOGNAME*. This option is ignored if the option *--login* is specified.
Preserve the entire environment, i.e., do not set *HOME*, *SHELL*, *USER* or *LOGNAME*. This option is ignored if the option *--login* is specified.
*-P*, *--pty*::
Create a pseudo-terminal for the session. The independent terminal provides better security as the user does not share a terminal with the original session. This can be used to avoid TIOCSTI ioctl terminal injection and other security attacks against terminal file descriptors. The entire session can also be moved to the background (e.g., "su --pty - username -c application &"). If the pseudo-terminal is enabled, then *su* works as a proxy between the sessions (copy stdin and stdout). +
{nbsp} +
This feature is mostly designed for interactive sessions. If the standard input is not a terminal, but for example a pipe (e.g., echo "date" | su --pty), then the ECHO flag for the pseudo-terminal is disabled to avoid messy output.
Create a pseudo-terminal for the session. The independent terminal provides better security as the user does not share a terminal with the original session. This can be used to avoid TIOCSTI ioctl terminal injection and other security attacks against terminal file descriptors. The entire session can also be moved to the background (e.g., "su --pty - username -c application &"). If the pseudo-terminal is enabled, then *su* works as a proxy between the sessions (copy stdin and stdout).
+
This feature is mostly designed for interactive sessions. If the standard input is not a terminal, but for example a pipe (e.g., echo "date" | su --pty), then the ECHO flag for the pseudo-terminal is disabled to avoid messy output.
*-s*, **--shell**=__shell__::
Run the specified _shell_ instead of the default. The shell to run is selected according to the following rules, in order: +
{nbsp} +
* the shell specified with *--shell*
* the shell specified in the environment variable *SHELL*, if the *--preserve-environment* option is used
* the shell listed in the passwd entry of the target user
* /bin/sh +
{nbsp} +
If the target user has a restricted shell (i.e., not listed in /etc/shells), the *--shell* option and the *SHELL* environment variables are ignored unless the calling user is root.
Run the specified _shell_ instead of the default. The shell to run is selected according to the following rules, in order:
* the shell specified with *--shell*
* the shell specified in the environment variable *SHELL*, if the *--preserve-environment* option is used
* the shell listed in the passwd entry of the target user
* /bin/sh
If the target user has a restricted shell (i.e., not listed in /etc/shells), the *--shell* option and the *SHELL* environment variables are ignored unless the calling user is root.
**--session-command=**__command__::
Same as *-c*, but do not create a new session. (Discouraged.)
Same as *-c*, but do not create a new session. (Discouraged.)
*-w*, **--whitelist-environment**=__list__::
Don't reset the environment variables specified in the comma-separated _list_ when clearing the environment for *--login*. The whitelist is ignored for the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*.
Don't reset the environment variables specified in the comma-separated _list_ when clearing the environment for *--login*. The whitelist is ignored for the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*.
*-V*, *--version*::
Display version information and exit.
Display version information and exit.
*-h*, *--help*::
Display help text and exit.
Display help text and exit.
== SIGNALS
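Review bot: in the reworked *--shell* entry, the bullet list and the closing paragraph "If the target user has a restricted shell ..." follow the definition text with no `+` list continuation, while the *--pty* entry just above uses `+` between its two paragraphs. As shown, that closing sentence is not attached to the *--shell* definition, so it can render as part of the "/bin/sh" bullet or fall outside the entry. Suggest a `+` line before the list and another before the closing paragraph. That sentence states that *--shell* and *SHELL* are ignored for non-root callers when the target has a restricted shell, so it should read as applying to the whole option. While the lines are touched, /etc/shells and /bin/sh could also be set in italics like the other paths in these pages.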
@ -88,30 +88,19 @@ Upon receiving either *SIGINT*, *SIGQUIT* or *SIGTERM*, *su* terminates its chil
*su* reads the _/etc/default/su_ and _/etc/login.defs_ configuration files. The following configuration items are relevant for *su:*
*FAIL_DELAY* (number)
____
*FAIL_DELAY* (number)::
Delay in seconds in case of an authentication failure. The number must be a non-negative integer.
____
*ENV_PATH* (string)
____
*ENV_PATH* (string)::
Defines the *PATH* environment variable for a regular user. The default value is _/usr/local/bin:/bin:/usr/bin_.
____
*ENV_ROOTPATH* (string) *ENV_SUPATH* (string)
____
*ENV_ROOTPATH* (string)::
*ENV_SUPATH* (string)::
Defines the *PATH* environment variable for root. *ENV_SUPATH* takes precedence. The default value is _/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin_.
____
*ALWAYS_SET_PATH* (boolean)
____
*ALWAYS_SET_PATH* (boolean)::
If set to _yes_ and *--login* and *--preserve-environment* were not specified *su* initializes *PATH*.
____
+
The environment variable *PATH* may be different on systems where _/bin_ and _/sbin_ are merged into _/usr_; this variable is also affected by the *--login* command-line option and the PAM system setting (e.g., *pam_env*(8)).
== EXIT STATUS
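Review bot: the *ALWAYS_SET_PATH* text ("If set to _yes_ and *--login* and *--preserve-environment* were not specified *su* initializes *PATH*.") is hard to parse and does not say which value *PATH* is initialized to or what happens when the item is unset. Suggest a comma after "specified" and naming the source of the value (presumably *ENV_PATH* or *ENV_ROOTPATH*/*ENV_SUPATH*, to be confirmed against the code). The `+` that follows also attaches the general remark about merged _/bin_ and _/sbin_ to this one item, although it concerns all of the *PATH* items above; a standalone paragraph after the list may fit better.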
@ -120,28 +109,26 @@ The environment variable *PATH* may be different on systems where _/bin_ and _/s
Exit status generated by *su* itself:
____
1::
Generic error before executing the requested command
Generic error before executing the requested command
126::
The requested command could not be executed
The requested command could not be executed
127::
The requested command was not found
____
The requested command was not found
== FILES
_/etc/pam.d/su_::
default PAM configuration file
default PAM configuration file
_/etc/pam.d/su-l_::
PAM configuration file if *--login* is specified
PAM configuration file if *--login* is specified
_/etc/default/su_::
command specific logindef config file
command specific logindef config file
_/etc/login.defs_::
global logindef config file
global logindef config file
== NOTES
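Review bot: in FILES, "command specific logindef config file" and "global logindef config file" keep the informal "logindef" wording even though both lines are being rewritten for indentation. Suggest "command-specific configuration file" and "global configuration file", each with a pointer to *login.defs*(5), so the entries match the wording used in the CONFIG FILE ITEMS sections.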

View File

@ -23,6 +23,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
:man source: util-linux {release-version}
:page-layout: base
:command: sulogin
:asterisk: *
== NAME
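Review bot: `:asterisk: *` defines an attribute that Asciidoctor already provides as a built-in character replacement, so the header line looks redundant. If the explicit definition is needed for another tool in the build or translation chain, a comment line above it saying so would keep it from being dropped later.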
@ -42,28 +43,29 @@ Give root password for system maintenance (or type Control-D for normal startup)
If the root account is locked and *--force* is specified, no password is required.
*sulogin* will be connected to the current terminal, or to the optional _tty_ device that can be specified on the command line (typically */dev/console*).
*sulogin* will be connected to the current terminal, or to the optional _tty_ device that can be specified on the command line (typically _/dev/console_).
When the user exits from the single-user shell, or presses control-D at the prompt, the system will continue to boot.
== OPTIONS
*-e*, *--force*::
If the default method of obtaining the root password from the system via *getpwnam*(3) fails, then examine _/etc/passwd_ and _/etc/shadow_ to get the password. If these files are damaged or nonexistent, or when root account is locked by '!' or '+++*+++' at the begin of the password then *sulogin* will *start a root shell without asking for a password*. +
{nbsp} +
Only use the *-e* option if you are sure the console is physically protected against unauthorized access.
If the default method of obtaining the root password from the system via *getpwnam*(3) fails, then examine _/etc/passwd_ and _/etc/shadow_ to get the password. If these files are damaged or nonexistent, or when root account is locked by '!' or '{asterisk}' at the begin of the password then *sulogin* will *start a root shell without asking for a password*.
//TRANSLATORS: Keep {asterisk} untranslated.
+
Only use the *-e* option if you are sure the console is physically protected against unauthorized access.
*-p*, *--login-shell*::
Specifying this option causes *sulogin* to start the shell process as a login shell.
Specifying this option causes *sulogin* to start the shell process as a login shell.
*-t*, *--timeout* _seconds_::
Specify the maximum amount of time to wait for user input. By default, *sulogin* will wait forever.
Specify the maximum amount of time to wait for user input. By default, *sulogin* will wait forever.
*-h*, *--help*::
Display help text and exit.
Display help text and exit.
*-V*, *--version*::
Display version information and exit.
Display version information and exit.
== ENVIRONMENT
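Review bot: the rewritten *--force* paragraph still reads "when root account is locked" and "at the begin of the password". This sentence is the warning that *sulogin* will start a root shell without asking for a password, so it is worth fixing while the line is touched, for example "or when the root account is locked by '!' or '{asterisk}' at the beginning of the password".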

View File

@ -38,19 +38,19 @@ utmpdump - dump UTMP and WTMP files in raw format
== OPTIONS
*-f*, *--follow*::
Output appended data as the file grows.
Output appended data as the file grows.
*-o*, *--output* _file_::
Write command output to _file_ instead of standard output.
Write command output to _file_ instead of standard output.
*-r*, *--reverse*::
Undump, write back edited login information into the utmp or wtmp files.
Undump, write back edited login information into the utmp or wtmp files.
*-V*, *--version*::
Display version information and exit.
Display version information and exit.
*-h*, *--help*::
Display help text and exit.
Display help text and exit.
== NOTES
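Review bot: the *--reverse* description ("Undump, write back edited login information into the utmp or wtmp files.") is a fragment and does not say where the edited input is read from or which file is written. Since this option rewrites login records, a full sentence naming the input and the output would be clearer than the comma splice.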

View File

@ -59,7 +59,7 @@ vipw, vigr - edit the password or group file
If the following environment variable exists, it will be utilized by *vipw* and *vigr*:
*EDITOR*::
The editor specified by the string *EDITOR* will be invoked instead of the default editor *vi*(1).
The editor specified by the string *EDITOR* will be invoked instead of the default editor *vi*(1).
== HISTORY