[deployment-guide/comm-rel: 27/74] ready for review
dsilas
dsilas at fedoraproject.org
Tue Jul 6 21:11:27 UTC 2010
commit a7a068a4ca3232358d104ad39e9d0addc07be82e
Author: fnadge <fnadge at redhat.com>
Date: Thu Jun 24 16:13:04 2010 +0200
ready for review
en-US/Users_and_Groups.xml | 519 +++++++++++++------------
en-US/images/Users_Groups-Create_New_User.png | Bin 35507 -> 129307 bytes
en-US/images/Users_Groups-User_Manager.png | Bin 26023 -> 44516 bytes
en-US/images/group-new.png | Bin 3111 -> 43377 bytes
en-US/images/group-properties.png | Bin 2991 -> 66401 bytes
en-US/images/user-properties.png | Bin 14297 -> 70120 bytes
6 files changed, 277 insertions(+), 242 deletions(-)
---
diff --git a/en-US/Users_and_Groups.xml b/en-US/Users_and_Groups.xml
index 753e83e..ac0aa63 100644
--- a/en-US/Users_and_Groups.xml
+++ b/en-US/Users_and_Groups.xml
@@ -105,7 +105,7 @@
</indexterm>
<para>To view a list of local users on the system, click the <guilabel>Users</guilabel> tab. To view a list of local groups on the system, click the <guilabel>Groups</guilabel> tab.</para>
<para>To find a specific user or group, type the first few letters of the name in the <guilabel>Search filter</guilabel> field. Press <keycap>Enter</keycap> or click the <guibutton>Apply filter</guibutton> button. The filtered list is displayed.</para>
- <para>To sort the users or groups, click on the column name. The users or groups are sorted according to the value of that column.</para>
+ <para>To sort the users or groups, click on the column User Name or Group Name. The users or groups are sorted according to the value of that column.</para>
<para>&MAJOROS; reserves user IDs below 500 for system users. By default, the <application>User Manager</application> does not display system users. To view all users, including the system users, go to <guimenuitem>Edit</guimenuitem> > <guimenuitem>Preferences</guimenuitem> and uncheck <guimenuitem>Hide system users and groups</guimenuitem> from the dialog box.</para>
<section
id="s2-redhat-config-users-user-new">
@@ -121,7 +121,7 @@
<title>Tip</title>
<para>It is advisable to use a much longer password, as this makes it more difficult for an intruder to guess it and access the account without permission. It is also recommended that the password not be based on a dictionary term; use a combination of letters, numbers and special characters.</para>
</note>
- <para>Select a login shell. If you are not sure which shell to select, accept the default value of <computeroutput>/bin/bash</computeroutput>. The default home directory is <filename>/home/<replaceable><username></replaceable>/</filename>. You can change the home directory that is created for the user, or you can choose not to create the home directory by unselecting <guilabel>Create home directory</guilabel>.</para>
+ <para>Select a login shell from the pulldown list. If you are not sure which shell to select, accept the default value of <computeroutput>/bin/bash</computeroutput>. The default home directory is <filename>/home/<replaceable><username></replaceable>/</filename>. You can change the home directory that is created for the user, or you can choose not to create the home directory by unselecting <guilabel>Create home directory</guilabel>.</para>
<para>If you select to create the home directory, default configuration files are copied from the <filename>/etc/skel/</filename> directory into the new home directory.</para>
<para>&MAJOROS; uses a <firstterm>user private group</firstterm> (UPG) scheme. The UPG scheme does not add or change anything in the standard UNIX way of handling groups; it offers a new convention. Whenever you create a new user, by default, a unique group with the same name as the user is created. If you do not want to create this group, unselect <guilabel>Create a private group for the user</guilabel>.</para>
<para>To specify a user ID for the user, select <guibutton>Specify user ID manually</guibutton>. If the option is not selected, the next available user ID above 500 is assigned to the new user. Because &MAJOROS; reserves user IDs below 500 for system users, it is not advisable to manually assign user IDs 1-499.</para>
@@ -560,271 +560,306 @@
</tgroup>
</table>
</section>
- <section
- id="s2-groups-add">
- <title>Adding a Group</title>
- <indexterm
- significance="normal">
- <primary>group configuration</primary>
- <secondary>
- <command>groupadd</command>
- </secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>adding</primary>
- <secondary>group</secondary>
- </indexterm>
- <para>To add a group to the system, use the command <command>groupadd</command>:</para>
- <screen>
-<command>groupadd <replaceable><group-name></replaceable>
- </command>
- </screen>
- <para>Command line options for <command>groupadd</command> are detailed in <xref
- linkend="table-groupadd-options"/>.</para>
- <table
- id="table-groupadd-options">
- <title>
- <command>groupadd</command> Command Line Options</title>
- <tgroup
- cols="2">
- <colspec
- colname="option"
- colnum="1"
- colwidth="20*"/>
- <colspec
- colname="description"
- colnum="2"
- colwidth="50*"/>
- <thead>
- <row>
- <entry>
+ <section id="s2-groups-add">
+ <title>Adding a Group</title>
+ <indexterm significance="normal">
+ <primary>group configuration</primary>
+ <secondary><command moreinfo="none">groupadd</command>
+ </secondary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>adding</primary>
+ <secondary>group</secondary>
+ </indexterm>
+ <para>
+ To add a group to the system, use the command <command moreinfo="none">groupadd</command>:
+ </para>
+<screen>
+<command moreinfo="none">groupadd <replaceable><group-name></replaceable></command>
+</screen>
+ <para>
+ Command line options for <command moreinfo="none">groupadd</command> are detailed in <xref linkend="table-groupadd-options"/>.
+ </para>
+
+ <table id="table-groupadd-options">
+ <title><command moreinfo="none">groupadd</command> Command Line Options</title>
+
+ <tgroup cols="2">
+ <colspec colnum="1" colname="option" colwidth="20*"></colspec>
+
+ <colspec colnum="2" colname="description" colwidth="50*"></colspec>
+ <thead><row>
+ <entry>
Option
</entry>
- <entry>
+
+ <entry>
Description
</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>
- <option>-g</option>
- <replaceable><gid></replaceable>
- </entry>
- <entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <option>-g</option> <replaceable><gid></replaceable>
+ </entry>
+
+ <entry>
Group ID for the group, which must be unique and greater than 499
</entry>
- </row>
- <row>
- <entry>
- <option>-r</option>
- </entry>
- <entry>
+ </row>
+
+ <row>
+ <entry>
+ <option>-r</option>
+ </entry>
+
+ <entry>
Create a system group with a GID less than 500
</entry>
- </row>
- <row>
- <entry>
- <option>-f</option>
- </entry>
- <entry>
- When used with <option>-g</option>
- <replaceable><gid></replaceable> and <replaceable><gid></replaceable> already exists, <command>groupadd</command> will choose another unique <replaceable><gid></replaceable> for the group.
+ </row>
+
+ <row>
+ <entry>
+ <option>-f</option>
</entry>
- </row>
- </tbody>
- </tgroup>
- </table>
- </section>
- <section
- id="s2-redhat-config-users-passwd-aging">
- <title>Password Aging</title>
- <indexterm
- significance="normal">
- <primary>password</primary>
- <secondary>forcing expiration of</secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>password</primary>
- <secondary>aging</secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>expiration of password, forcing</primary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>
- <command>chage</command> command</primary>
- <secondary>forcing password expiration with</secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>user configuration</primary>
- <secondary>password</secondary>
- <tertiary>forcing expiration of</tertiary>
- </indexterm>
- <para>For security reasons, it is advisable to require users to change their passwords periodically. This can be done when adding or editing a user on the <guilabel>Password Info</guilabel> tab of the <application>User Manager</application>.</para>
- <para>To configure password expiration for a user from a shell prompt, use the <command>chage</command> command, followed by an option from <xref
- linkend="table-chage-options"/>, followed by the username of the user.</para>
- <important>
- <title>Important</title>
- <para>Shadow passwords must be enabled to use the <command>chage</command> command.</para>
- </important>
- <table
- id="table-chage-options">
- <title>
- <command>chage</command> Command Line Options</title>
- <tgroup
- cols="2">
- <colspec
- colname="option"
- colnum="1"
- colwidth="20*"/>
- <colspec
- colname="description"
- colnum="2"
- colwidth="50*"/>
- <thead>
- <row>
- <entry>
+
+ <entry>
+ When used with <option>-g</option> <replaceable><gid></replaceable> and <replaceable><gid></replaceable> already exists, <command>groupadd</command> will choose another unique <replaceable><gid></replaceable> for the group.
+ </entry>
+
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </section>
+ <section id="s2-redhat-config-users-passwd-aging">
+ <title>Password Aging</title>
+ <indexterm significance="normal">
+ <primary>password</primary>
+ <secondary>forcing expiration of</secondary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>password</primary>
+ <secondary>aging</secondary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>expiration of password, forcing</primary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary><command moreinfo="none">chage</command> command</primary>
+ <secondary>forcing password expiration with</secondary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>user configuration</primary>
+ <secondary>password</secondary>
+ <tertiary>forcing expiration of</tertiary>
+ </indexterm>
+
+ <para>
+ For security reasons, it is advisable to require users to change their passwords periodically. This can be done when adding or editing a user on the <guilabel moreinfo="none">Password Info</guilabel> tab of the <application>User Manager</application>.
+ </para>
+
+ <para>
+ To configure password expiration for a user from a shell prompt, use the <command moreinfo="none">chage</command> command with an option from <xref linkend="table-chage-options"/>, followed by the username.
+ </para>
+
+ <important>
+ <title>Important</title>
+
+ <para>
+ Shadow passwords must be enabled to use the <command moreinfo="none">chage</command> command. For more information, see <xref linkend="s1-users-groups-shadow-utilities" />.
+ </para>
+ </important>
+
+ <table id="table-chage-options">
+ <title><command moreinfo="none">chage</command> Command Line Options</title>
+
+ <tgroup cols="2">
+ <colspec colnum="1" colname="option" colwidth="20*"></colspec>
+
+ <colspec colnum="2" colname="description" colwidth="50*"></colspec>
+ <thead><row>
+ <entry>
Option
</entry>
- <entry>
+
+ <entry>
Description
</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>
- <option>-m</option>
- <replaceable><days></replaceable>
- </entry>
- <entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <option>-m</option> <replaceable><days></replaceable>
+ </entry>
+
+ <entry>
Specifies the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire.
</entry>
- </row>
- <row>
- <entry>
- <option>-M</option>
- <replaceable><days></replaceable>
- </entry>
- <entry>
+ </row>
+
+ <row>
+ <entry>
+ <option>-M</option> <replaceable><days></replaceable>
+ </entry>
+
+ <entry>
Specifies the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the <option>-d</option> option is less than the current day, the user must change passwords before using the account.
</entry>
- </row>
- <row>
- <entry>
- <option>-d</option>
- <replaceable><days></replaceable>
- </entry>
- <entry>
+ </row>
+
+ <row>
+ <entry>
+ <option>-d</option> <replaceable><days></replaceable>
+ </entry>
+
+ <entry>
Specifies the number of days since January 1, 1970 the password was changed
</entry>
- </row>
- <row>
- <entry>
- <option>-I</option>
- <replaceable><days></replaceable>
- </entry>
- <entry>
+ </row>
+
+ <row>
+ <entry>
+ <option>-I</option> <replaceable><days></replaceable>
+ </entry>
+
+ <entry>
Specifies the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.
</entry>
- </row>
- <row>
- <entry>
- <option>-E</option>
- <replaceable><date></replaceable>
- </entry>
- <entry>
+ </row>
+
+ <row>
+ <entry>
+ <option>-E</option> <replaceable><date></replaceable>
+ </entry>
+
+ <entry>
Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.
</entry>
- </row>
- <row>
- <entry>
- <option>-W</option>
- <replaceable><days></replaceable>
- </entry>
- <entry>
+ </row>
+
+ <row>
+ <entry>
+ <option>-W</option> <replaceable><days></replaceable>
+ </entry>
+
+ <entry>
Specifies the number of days before the password expiration date to warn the user.
</entry>
- </row>
- </tbody>
- </tgroup>
- </table>
- <note>
- <title>Tip</title>
- <para>If the <command>chage</command> command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed.</para>
- </note>
- <para>You can configure a password to expire the first time a user logs in. This forces users to change passwords the first time they log in.</para>
- <note>
- <title>Note</title>
- <para>This process will not work if the user logs in using the SSH protocol.</para>
- </note>
- <orderedlist
- continuation="restarts"
- inheritnum="ignore">
- <listitem>
- <para>
- <emphasis>Lock the user password</emphasis> — If the user does not exist, use the <command>useradd</command> command to create the user account, but do not give it a password so that it remains locked.</para>
- <para>If the password is already enabled, lock it with the command:</para>
- <screen>
-<command>usermod -L <replaceable>username</replaceable>
- </command>
- </screen>
- </listitem>
- <listitem>
- <para>
- <emphasis>Force immediate password expiration</emphasis> — Type the following command:</para>
- <screen>chage -d 0 <replaceable>username</replaceable>
- </screen>
- <para>This command sets the value for the date the password was last changed to the epoch (January 1, 1970). This value forces immediate password expiration no matter what password aging policy, if any, is in place.</para>
- </listitem>
- <listitem>
- <para>
- <emphasis>Unlock the account</emphasis> — There are two common approaches to this step. The administrator can assign an initial password or assign a null password.</para>
- <warning>
- <title>Warning</title>
- <para>Do not use the <command>passwd</command> command to set the password as it disables the immediate password expiration just configured.</para>
- </warning>
- <para>To assign an initial password, use the following steps:</para>
- <itemizedlist>
- <listitem>
- <para>Start the command line Python interpreter with the <command>python</command> command. It displays the following:</para>
- <screen> Python 2.4.3 (#1, Jul 21 2006, 08:46:09) [GCC 4.1.1 20060718 (Red Hat 4.1.1-9)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>></screen>
- </listitem>
- <listitem>
- <para>At the prompt, type the following commands. Replace <replaceable><password></replaceable> with the password to encrypt and <replaceable><salt></replaceable> with a random combination of at least 2 of the following: any alphanumeric character, the slash (/) character or a dot (.):</para>
- <screen>
-<command>import crypt; print crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt></replaceable>")</command>
- </screen>
- <para>The output is the encrypted password, similar to <computeroutput>'12CsGd8FRcMSM'</computeroutput>.</para>
- </listitem>
- <listitem>
- <para>Press <keycap>Ctrl</keycap>-<keycap>D</keycap> to exit the Python interpreter.</para>
- </listitem>
- <listitem>
- <para>At the shell, enter the following command (replacing <replaceable><encrypted-password></replaceable> with the encrypted output of the Python interpreter):</para>
- <screen>usermod -p "<replaceable><encrypted-password></replaceable>" <replaceable><username></replaceable>
- </screen>
- </listitem>
- </itemizedlist>
- <para>Alternatively, you can assign a null password instead of an initial password. To do this, use the following command:</para>
- <screen>usermod -p "" <replaceable>username</replaceable>
- </screen>
- <warning>
- <title>Caution</title>
- <para>Using a null password, while convenient, is a highly unsecure practice, as any third party can log in first an access the system using the unsecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.</para>
- </warning>
- <para>In either case, upon initial log in, the user is prompted for a new password.</para>
- </listitem>
- </orderedlist>
- </section>
- <section
- id="s2-redhat-config-users-process">
+ </row>
+
+ <row>
+ <entry>
+ <option>-l</option>
+ </entry>
+
+ <entry>
+ Lists current account aging settings.
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <note><title>Tip</title>
+ <para>
+ If the <command moreinfo="none">chage</command> command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed interactively.
+ </para>
+ </note>
+
+ <para>
+ You can configure a password to expire the first time a user logs in. This forces users to change passwords immediately.
+ </para>
+
+ <orderedlist inheritnum="ignore" continuation="restarts">
+
+ <listitem>
+ <para>
+ <emphasis>Set up an initial password</emphasis> — There are two common approaches to this step. The administrator can assign a default password or assign a null password.
+ </para>
+
+ <para>
+ To assign a default password, use the following steps:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ Start the command line Python interpreter with the <command moreinfo="none">python</command> command. It displays the following:
+ </para>
+
+<screen>
+Python 2.4.3 (#1, Jul 21 2006, 08:46:09)
+[GCC 4.1.1 20060718 (Application Stack 4.1.1-9)] on linux2
+Type "help", "copyright", "credits" or "license" for more information.
+>>></screen>
+
+ </listitem>
+
+ <listitem>
+
+ <para>At the prompt, type the following commands. Replace <replaceable><password></replaceable> with the password to encrypt and <replaceable><salt></replaceable> with a random combination of at least 2 of the following: any alphanumeric character, the slash (/) character or a dot (.):
+ </para>
+
+<screen>
+<command moreinfo="none">import crypt; print
+
+crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt></replaceable>")</command>
+</screen>
+
+ <para>
+ The output is the encrypted password, similar to <computeroutput moreinfo="none">'12CsGd8FRcMSM'</computeroutput>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Press <keycap moreinfo="none">Ctrl</keycap>-<keycap moreinfo="none">D</keycap> to exit the Python interpreter.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ At the shell, enter the following command (replacing <replaceable><encrypted-password></replaceable> with the encrypted output of the Python interpreter):
+
+ </para>
+
+<screen>usermod -p "<replaceable><encrypted-password></replaceable>" <replaceable><username></replaceable></screen>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ Alternatively, you can assign a null password instead of an initial password. To do this, use the following command:
+ </para>
+
+<screen>usermod -p "" <replaceable>username</replaceable></screen>
+ <warning>
+ <title>Caution</title>
+
+ <para>
+ Using a null password, while convenient, is a highly unsecure practice, as any third party can log in first an access the system using the unsecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
+ </para>
+
+ </warning>
+ </listitem>
+
+ <listitem>
+ <para>
+ <emphasis>Force immediate password expiration</emphasis> — Type the following command:
+ </para>
+<screen>chage -d 0 <replaceable>username</replaceable></screen>
+ <para>
+ This command sets the value for the date the password was last changed to the epoch (January 1, 1970). This value forces immediate password expiration no matter what password aging policy, if any, is in place.
+ </para>
+ </listitem>
+ </orderedlist>
+
+ <para>
+ Upon the initial log in, the user is now prompted for a new password.
+ </para>
+ </section>
+<section id="s2-redhat-config-users-process">
<title>Explaining the Process</title>
<para>The following steps illustrate what happens if the command <command>useradd juan</command> is issued on a system that has shadow passwords enabled:</para>
<orderedlist
diff --git a/en-US/images/Users_Groups-Create_New_User.png b/en-US/images/Users_Groups-Create_New_User.png
index 1ff3453..b38f7b3 100644
Binary files a/en-US/images/Users_Groups-Create_New_User.png and b/en-US/images/Users_Groups-Create_New_User.png differ
diff --git a/en-US/images/Users_Groups-User_Manager.png b/en-US/images/Users_Groups-User_Manager.png
index 007648c..c314821 100644
Binary files a/en-US/images/Users_Groups-User_Manager.png and b/en-US/images/Users_Groups-User_Manager.png differ
diff --git a/en-US/images/group-new.png b/en-US/images/group-new.png
index 5e7d9ce..61eb0c3 100644
Binary files a/en-US/images/group-new.png and b/en-US/images/group-new.png differ
diff --git a/en-US/images/group-properties.png b/en-US/images/group-properties.png
index c04c833..36b0541 100644
Binary files a/en-US/images/group-properties.png and b/en-US/images/group-properties.png differ
diff --git a/en-US/images/user-properties.png b/en-US/images/user-properties.png
index 3efef4d..97179d9 100644
Binary files a/en-US/images/user-properties.png and b/en-US/images/user-properties.png differ
More information about the docs-commits
mailing list