[deployment-guide/comm-rel: 9/41] implemented all change requests
dsilas
dsilas at fedoraproject.org
Fri Jul 16 08:52:37 UTC 2010
commit 6b02037288b93c752fd81176ce4832f6227a4c97
Author: fnadge <fnadge at redhat.com>
Date: Fri Jul 9 10:26:45 2010 +0200
implemented all change requests
en-US/General_Parameters_and_Modules.xml | 138 +++++++++------------------
en-US/Users_and_Groups.xml | 156 ++++++++++++------------------
2 files changed, 106 insertions(+), 188 deletions(-)
---
diff --git a/en-US/General_Parameters_and_Modules.xml b/en-US/General_Parameters_and_Modules.xml
index 011d2a7..5cb69fc 100644
--- a/en-US/General_Parameters_and_Modules.xml
+++ b/en-US/General_Parameters_and_Modules.xml
@@ -6,34 +6,31 @@
<title>General Parameters and Modules</title>
<indexterm
significance="normal">
- <primary>kernel modules</primary>
+ <primary>kernel module</primary>
<secondary>introducing</secondary>
</indexterm>
<indexterm
significance="normal">
- <primary>modules</primary>
- <see>kernel modules</see>
+ <primary>module</primary>
+ <see>kernel module</see>
</indexterm>
<indexterm
significance="normal">
<primary>drivers</primary>
- <see>kernel modules</see>
+ <see>kernel module</see>
</indexterm>
<indexterm
significance="normal">
- <primary>kernel modules</primary>
+ <primary>kernel module</primary>
<secondary>types of</secondary>
</indexterm>
- <para>This chapter is provided to illustrate <emphasis>some</emphasis> of the possible parameters available for common hardware device <firstterm>drivers</firstterm>
- <footnote>
- <para>A driver is software which enables Linux to use a particular hardware device. Without a driver, the kernel cannot communicate with attached devices.</para>
- </footnote>, which under &MAJOROS; are called kernel <firstterm>modules</firstterm>. In most cases, the default parameters do work. However, there may be times when extra module parameters are necessary for a device to function properly or to override the module's default parameters for the device.</para>
+ <para>This chapter is provided to illustrate <emphasis>some</emphasis> of the possible parameters available for common hardware device <firstterm>drivers</firstterm><footnote><para>A <firstterm>driver</firstterm> is software that enables Linux to use a particular hardware device. Without a driver, the kernel cannot communicate with attached devices.</para></footnote>, which under &MAJOROS; are called <firstterm>kernel module</firstterm>s . In most cases, the default parameters do work. However, there may be times when extra module parameters are necessary for a device to function properly or to override the module's default parameters for the device.</para>
<para>During installation, &MAJOROS; uses a limited subset of device drivers to create a stable installation environment. Although the installation program supports installation on many different types of hardware, some drivers (including those for SCSI adapters and network adapters) are not included in the installation kernel. Rather, they must be loaded as modules by the user at boot time.</para>
<para>Once installation is completed, support exists for a large number of devices through kernel modules.</para>
<section
id="s1-kernel-module-utils">
- <title>Kernel Module Utilities</title>
- <para>A group of commands for managing kernel modules is available if the <filename>module-init-tools</filename> package is installed. Use these commands to determine if a module has been loaded successfully or when trying different modules for a piece of new hardware.</para>
+ <title>Kernel Module Utilities</title><indexterm><primary>kernel module</primary><secondary>utilities</secondary></indexterm>
+ <para>A group of commands for managing kernel modules is available if the <filename>module-init-tools</filename><indexterm><primary>kernel module</primary><secondary>commands</secondary><tertiary>group of</tertiary></indexterm><indexterm><primary>kernel module</primary><secondary>module-init-tools</secondary></indexterm> package is installed. Use these commands to determine if a module has been loaded successfully or when trying different modules for a piece of new hardware.</para>
<indexterm
significance="normal">
<primary>
@@ -42,7 +39,7 @@
</indexterm>
<indexterm
significance="normal">
- <primary>kernel modules</primary>
+ <primary>kernel module</primary>
<secondary>listing</secondary>
</indexterm>
<para>The command <command>/sbin/lsmod</command> displays a list of currently loaded modules. For example:</para>
@@ -99,7 +96,7 @@ dm_mod 73839 8 dm_mirror,dm_log</screen>
</indexterm>
<indexterm
significance="normal">
- <primary>kernel modules</primary>
+ <primary>kernel module</primary>
<secondary>loading</secondary>
</indexterm>
<para>To load a kernel module, use the <command>/sbin/modprobe</command> command followed by the kernel module name. By default, <command>modprobe</command> attempts to load the module from the <filename>/lib/modules/<replaceable><kernel-version></replaceable>/kernel/drivers/</filename> subdirectories. There is a subdirectory for each type of module, such as the <filename>net/</filename> subdirectory for network interface drivers. Some kernel modules have module dependencies, meaning that other modules must be loaded first for it to load. The <command>/sbin/modprobe</command> command checks for these dependencies and loads the module dependencies before loading the specified module.</para>
@@ -135,7 +132,7 @@ Symbol version prefix 'smp_'
</indexterm>
<indexterm
significance="normal">
- <primary>kernel modules</primary>
+ <primary>kernel module</primary>
<secondary>unload</secondary>
</indexterm>
<para>To unload kernel modules, use the <command>/sbin/rmmod</command> command followed by the module name. The <command>rmmod</command> utility only unloads modules that are not in use and that are not a dependency of other modules in use.</para>
@@ -154,16 +151,8 @@ Symbol version prefix 'smp_'
<section
id="s1-kernel-modules-persistant">
<title>Persistent Module Loading</title>
- <indexterm
- significance="normal">
- <primary>kernel modules</primary>
- <secondary>persistent loading</secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>kernel modules</primary>
- <secondary>/etc/sysconfig/modules/</secondary>
- </indexterm>
+ <indexterm><primary>kernel module</primary><secondary>persistent loading</secondary></indexterm>
+ <indexterm><primary>kernel module</primary><secondary>/etc/sysconfig/modules/</secondary></indexterm>
<para>Many kernel modules are loaded automatically at boot time, as <command>/sbin/lsmod</command> shows. You can specify other modules to be loaded at boot time by creating a file in the <filename>/etc/sysconfig/modules/</filename> directory. You can use any name you like for the file that you create, but you must give it a <filename>.modules</filename> extension, and you must make it executable by running the following command:</para>
<screen>modules]# <command>chmod 755 <replaceable><filename.modules></replaceable>
</command>
@@ -192,23 +181,9 @@ fi</programlisting>
<section
id="s1-modules-parameters-specifying">
<title>Specifying Module Parameters</title>
- <indexterm
- significance="normal">
- <primary>kernel modules</primary>
- <secondary>module parameters</secondary>
- <tertiary>specifying</tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>module parameters</primary>
- <see>kernel modules</see>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>modules</primary>
- <see>kernel modules</see>
- </indexterm>
- <para>In some situations, it may be necessary to supply parameters to a module as it is loaded for it to function properly.</para>
+ <indexterm><primary>kernel module</primary><secondary>module parameters</secondary><tertiary>specifying</tertiary></indexterm>
+ <indexterm><primary>module parameters</primary><see>kernel module</see></indexterm>
+ <para>In some situations, it may be necessary to supply parameters to a module<indexterm><primary>kernel module</primary><secondary>module parameters</secondary><tertiary>supplying</tertiary></indexterm> as it is loaded for it to function properly.</para>
<para>For instance, to enable full duplex at 100Mbps connection speed for an Intel Ether Express/100 card, load the <filename>e100</filename> driver with the <option>e100_speed_duplex=4</option> option.</para>
<important>
<title>Important: kernel module parameters separated by commas</title>
@@ -218,17 +193,8 @@ fi</programlisting>
<section
id="s1-modules-scsi">
<title>Storage parameters</title>
- <indexterm
- significance="normal">
- <primary>SCSI modules</primary>
- <see>kernel modules</see>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>kernel modules</primary>
- <secondary>SCSI modules</secondary>
- <tertiary>parameters</tertiary>
- </indexterm>
+ <indexterm><primary>SCSI module</primary><see>kernel module</see></indexterm>
+ <indexterm><primary>kernel module</primary><secondary>SCSImodule</secondary><tertiary>parameters</tertiary></indexterm>
<table
id="tb-modules-scsiparameters">
<title>Storage Module Parameters</title>
@@ -493,26 +459,11 @@ fi</programlisting>
<section
id="s1-modules-ethernet">
<title>Ethernet Parameters</title>
- <indexterm
- significance="normal">
- <primary>Ethernet modules</primary>
- <see>kernel modules</see>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>kernel modules</primary>
- <secondary>Ethernet modules</secondary>
- <tertiary>parameters</tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>NIC modules</primary>
- <see>kernel modules</see>
- </indexterm>
- <important>
- <title>Important</title>
+ <indexterm><primary>Ethernet module</primary><see>kernel module</see></indexterm>
+ <indexterm><primary>kernel module</primary><secondary>Ethernet module</secondary></indexterm>
+ <indexterm><primary>NIC module</primary><secondary>kernel module</secondary></indexterm>
+ <indexterm><primary>kernel module</primary><secondary>NIC module</secondary></indexterm>
<para>Most modern Ethernet-based network interface cards (NICs), do not require module parameters to alter settings. Instead, they can be configured using <command>ethtool</command> or <command>mii-tool</command>. Only after these tools fail to work should module parameters be adjusted. Module paramaters can be viewed using the <command>modinfo</command> command.</para>
- </important>
<note>
<title>Note</title>
<para>For information about using these tools, consult the man pages for <command>ethtool</command>, <command>mii-tool</command>, and <command>modinfo</command>.</para>
@@ -906,12 +857,8 @@ fi</programlisting>
<section
id="s2-modules-multiple-eth">
<title>Using Multiple Ethernet Cards</title>
- <indexterm
- significance="normal">
- <primary>kernel modules</primary>
- <secondary>Ethernet modules</secondary>
- <tertiary>supporting multiple cards</tertiary>
- </indexterm>
+ <indexterm><primary>kernel module</primary><secondary>Ethernet module</secondary><tertiary>supporting multiple cards</tertiary></indexterm>
+ <indexterm><primary>Ethernet module</primary><see>kernel module</see></indexterm>
<para>It is possible to use multiple Ethernet cards on a single machine. For each card there must be an <command>alias</command> and, possibly, <command>options</command> lines for each card in a user-created <filename><replaceable><module_name></replaceable>.conf</filename> file in the <filename>/etc/modprobe.d/</filename> directory.</para>
<para>For additional information about using multiple Ethernet cards, refer to the <citetitle>Linux Ethernet-HOWTO</citetitle> online at <ulink
url="http://www.redhat.com/mirrors/LDP/HOWTO/Ethernet-HOWTO.html">http://www.redhat.com/mirrors/LDP/HOWTO/Ethernet-HOWTO.html</ulink>.</para>
@@ -919,12 +866,16 @@ fi</programlisting>
<section
id="s2-modules-bonding">
<title>The Channel Bonding Module</title>
- <indexterm
- significance="normal">
- <primary>channel bonding</primary>
- <secondary>bonding options</secondary>
- </indexterm>
- <para>&MAJOROS; allows administrators to bind NICs together into a single channel using the <filename>bonding</filename> kernel module and a special network interface, called a <firstterm>channel bonding interface</firstterm>. Channel bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy.</para>
+ <indexterm><primary>channel bonding</primary><secondary>bonding options</secondary></indexterm>
+ <indexterm><primary>kernel module</primary><secondary>channel bonding</secondary></indexterm>
+ <para>&MAJOROS; allows administrators to bind NICs
+ <indexterm><primary>NIC</primary><secondary>binding into single channel</secondary></indexterm>
+ together into a single channel using the <filename>bonding</filename> kernel module
+ <indexterm><primary>kernel module</primary><secondary>bonding kernel module</secondary></indexterm>
+ and a special network interface, called a <firstterm>channel bonding interface</firstterm>
+ <indexterm><primary>kernel module</primary><secondary>channel bonding interface</secondary></indexterm>
+ <indexterm><primary>channel bonding interface</primary><see>kernel module</see></indexterm>
+ . Channel bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy.</para>
<para>To channel bond multiple network interfaces, the administrator must perform the following steps:</para>
<orderedlist
continuation="restarts"
@@ -945,18 +896,21 @@ fi</programlisting>
</orderedlist>
<section
id="s3-modules-bonding-directives">
- <title>bonding Module Directives</title>
- <indexterm
- significance="normal">
- <primary>channel bonding</primary>
- <secondary>bonding options</secondary>
- </indexterm>
+ <title>Bonding Module Directives</title>
+ <indexterm><primary>channel bonding</primary><secondary>bonding directives</secondary></indexterm>
+ <indexterm><primary>kernel module</primary><secondary>bonding kernel module</secondary><tertiary>bonding directives</tertiary></indexterm>
<para>It is a good idea to test which channel bonding module parameters work best for your bonded interfaces before adding them to the <parameter
- class="option">BONDING_OPTS="<replaceable><bonding parameters></replaceable>"</parameter> directive in your bonding interface configuration file (<filename>ifcfg-bond0</filename> for example). Parameters to bonded interfaces can be configured without unloading (and reloading) the bonding module by manipulating files in the <systemitem
+ class="option">BONDING_OPTS="<replaceable><bonding parameters></replaceable>"</parameter> directive in your bonding interface configuration file (<filename>ifcfg-bond0</filename> for example). Parameters to bonded interfaces can be configured
+ <indexterm><primary>channel bonding</primary><secondary>parameters to bonded interfaces</secondary></indexterm>
+ <indexterm><primary>kernel module</primary><secondary>bonding kernel module</secondary><tertiary>parameters to bonded interfaces</tertiary></indexterm>
+ without unloading (and reloading) the bonding module by manipulating files in the <systemitem
class="filesystem">sysfs</systemitem> file system.</para>
<para>
<systemitem
- class="filesystem">sysfs</systemitem> is a virtual file system that represents kernel objects as directories, files and symbolic links. <systemitem
+ class="filesystem">sysfs</systemitem>
+ <indexterm><primary>bonding kernel module</primary><secondary>sysfs</secondary></indexterm>
+ <indexterm><primary>kernel bonding</primary><secondary>sysfs</secondary></indexterm>
+ is a virtual file system that represents kernel objects as directories, files and symbolic links. <systemitem
class="filesystem">sysfs</systemitem> can be used to query for information about kernel objects, and can also manipulate those objects through the use of normal file system commands. The <systemitem
class="filesystem">sysfs</systemitem> virtual file system has a line in <filename>/etc/fstab</filename>, and is mounted under <filename>/sys</filename>.</para>
<para>All bonded interfaces can be configured dynamically by interacting with and manipulating files under the <filename>/sys/class/net/</filename> directory. After you have created a channel bonding interface file such as <filename>ifcfg-bond0</filename> and inserted <parameter
@@ -968,7 +922,7 @@ fi</programlisting>
<screen>~]# ifconfig bond0 up</screen>
<para>If you have correctly created the <filename>ifcfg-bond0</filename> bonding interface file, you will be able to see <computeroutput>bond0</computeroutput> listed in the output of running <command>ifconfig</command> (without any options):</para>
<screen>~]# ifconfig
-bond0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
+bond0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
diff --git a/en-US/Users_and_Groups.xml b/en-US/Users_and_Groups.xml
index 6365bb5..02c841a 100644
--- a/en-US/Users_and_Groups.xml
+++ b/en-US/Users_and_Groups.xml
@@ -204,36 +204,14 @@
</listitem>
<listitem>
<para>
- <guilabel>Account Info</guilabel> —
- <indexterm
- significance="normal">
- <primary>user configuration</primary>
- <secondary>setting user account expiration</secondary>
- </indexterm>
- Select <guibutton>Enable account expiration</guibutton> if you want the account to expire on a certain date. Enter the date in the provided fields.
- <indexterm
- significance="normal">
- <primary>user configuration</primary>
- <secondary>locking user accounts</secondary>
- </indexterm>
- Select <guilabel>Local password is locked</guilabel> to lock the user account and prevent the user from logging into the system.</para>
+ <guilabel>Account Info</guilabel> — Select <guibutton>Enable account expiration</guibutton> if you want the account to expire on a certain date. Enter the date in the provided fields. Select <guilabel>Local password is locked</guilabel> to lock the user account and prevent the user from logging into the system.</para>
</listitem>
<listitem>
- <indexterm
- significance="normal">
- <primary>user configuration</primary>
- <secondary>password expiration</secondary>
- </indexterm>
<para>
<guilabel>Password Info</guilabel> — Displays the date that the user's password last changed. To force the user to change passwords after a certain number of days, select <guilabel>Enable password expiration</guilabel> and enter a desired value in the <guilabel>Days before change required:</guilabel> field. The number of days before the user's password expires, the number of days before the user is warned to change passwords, and days before the account becomes inactive can also be changed.</para>
</listitem>
<listitem>
<para>
- <indexterm
- significance="normal">
- <primary>user configuration</primary>
- <secondary>adding users to groups</secondary>
- </indexterm>
<guilabel>Groups</guilabel> — Allows you to view and configure the Primary Group of the user, as well as other groups that you want the user to be a member of.</para>
</listitem>
</itemizedlist>
@@ -378,11 +356,8 @@
<primary>adding</primary>
<secondary>user</secondary>
</indexterm>
- <para>If you prefer command line tools or do not have the X Window System installed, use this section to configure users and groups.</para>
- </section>
- <section
- id="s2-users-add">
- <title>Adding a User</title>
+ <para>If you prefer command line tools or do not have the X Window System installed, use following to configure users and groups.</para>
+ <bridgehead>Adding a User</bridgehead>
<para>To add a user to the system:</para>
<indexterm
significance="normal">
@@ -517,7 +492,7 @@
</row>
<row>
<entry>
- <option>-n</option>
+ <option>-N</option>
</entry>
<entry>
Do not create a user private group for the user.
@@ -525,20 +500,20 @@
</row>
<row>
<entry>
- <option>-r</option>
+ <option>-p</option>
+ <replaceable><password></replaceable>
</entry>
<entry>
- Create a system account with a UID less than 500 and without a home directory
- </entry>
+ The password encrypted with <command>crypt</command>
+ </entry>
</row>
<row>
<entry>
- <option>-p</option>
- <replaceable><password></replaceable>
+ <option>-r</option>
</entry>
<entry>
- The password encrypted with <command>crypt</command>
- </entry>
+ Create a system account with a UID less than 500 and without a home directory
+ </entry>
</row>
<row>
<entry>
@@ -560,9 +535,7 @@
</tbody>
</tgroup>
</table>
- </section>
- <section id="s2-groups-add">
- <title>Adding a Group</title>
+<bridgehead>Adding a Group</bridgehead>
<indexterm significance="normal">
<primary>group configuration</primary>
<secondary><command moreinfo="none">groupadd</command>
@@ -600,45 +573,42 @@
</row>
</thead>
<tbody>
+ <row>
+ <entry>-f, --force</entry>
+ <entry>When used with <option>-g</option> <replaceable><gid></replaceable> and <replaceable><gid></replaceable> already exists, <command>groupadd</command> will choose another unique <replaceable><gid></replaceable> for the group.</entry>
+ </row>
<row>
<entry>
<option>-g</option> <replaceable><gid></replaceable>
</entry>
-
<entry>
Group ID for the group, which must be unique and greater than 499
</entry>
</row>
-
<row>
- <entry>
- <option>-r</option>
- </entry>
-
- <entry>
- Create a system group with a GID less than 500
- </entry>
+ <entry><option>-K, --key KEY=VALUE</option></entry>
+ <entry>override <code>/etc/login.defs</code> defaults</entry></row>
+ <row>
+ <entry><option>-o</option>, <option>--non-unique</option></entry>
+ <entry>allow to create groups with duplicate</entry>
+ </row>
+ <row>
+ <entry><option>-p</option>, <option>--password</option> <option>PASSWORD</option></entry>
+ <entry>use this encrypted password for the new group</entry>
</row>
-
<row>
<entry>
- <option>-f</option>
- </entry>
-
- <entry>
- When used with <option>-g</option> <replaceable><gid></replaceable> and <replaceable><gid></replaceable> already exists, <command>groupadd</command> will choose another unique <replaceable><gid></replaceable> for the group.
+ <option>-r</option>
</entry>
-
+ <entry> Create a system group with a GID less than 500</entry>
</row>
</tbody>
</tgroup>
</table>
- </section>
- <section id="s2-redhat-config-users-passwd-aging">
- <title>Password Aging</title>
+<bridgehead>Password Aging</bridgehead>
<indexterm significance="normal">
<primary>password</primary>
- <secondary>forcing expiration of</secondary>
+ <secondary>expire</secondary>
</indexterm>
<indexterm significance="normal">
<primary>password</primary>
@@ -693,71 +663,61 @@
<tbody>
<row>
<entry>
- <option>-m</option> <replaceable><days></replaceable>
+ <option>-d</option> <replaceable><days></replaceable>
</entry>
<entry>
- Specifies the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire.
+ Specifies the number of days since January 1, 1970 the password was changed
</entry>
</row>
-
<row>
<entry>
- <option>-M</option> <replaceable><days></replaceable>
+ <option>-E</option> <replaceable><date></replaceable>
</entry>
-
<entry>
- Specifies the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the <option>-d</option> option is less than the current day, the user must change passwords before using the account.
+ Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.
</entry>
</row>
-
<row>
<entry>
- <option>-d</option> <replaceable><days></replaceable>
+ <option>-I</option> <replaceable><days></replaceable>
</entry>
<entry>
- Specifies the number of days since January 1, 1970 the password was changed
+ Specifies the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.
</entry>
- </row>
-
+ </row>
<row>
<entry>
- <option>-I</option> <replaceable><days></replaceable>
+ <option>-l</option>
</entry>
-
<entry>
- Specifies the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.
+ Lists current account aging settings.
</entry>
- </row>
-
+ </row>
<row>
<entry>
- <option>-E</option> <replaceable><date></replaceable>
+ <option>-m</option> <replaceable><days></replaceable>
</entry>
-
<entry>
- Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.
+ Specify the minimum number of days after which the user must change passwords. If the value is 0, the password does not expire.
</entry>
</row>
-
<row>
<entry>
- <option>-W</option> <replaceable><days></replaceable>
+ <option>-M</option> <replaceable><days></replaceable>
</entry>
-
<entry>
- Specifies the number of days before the password expiration date to warn the user.
+ Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the <option>-d</option> option is less than the current day, the user must change passwords before using the account.
</entry>
</row>
-
<row>
<entry>
- <option>-l</option>
+ <option>-W</option> <replaceable><days></replaceable>
</entry>
<entry>
- Lists current account aging settings.
+ Specifies the number of days before the password expiration date to warn the user.
</entry>
</row>
</tbody>
@@ -839,7 +799,7 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
<title>Caution</title>
<para>
- Using a null password, while convenient, is a highly unsecure practice, as any third party can log in first an access the system using the unsecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
+ Using a null password, while convenient, is a highly unsecure practice, as any third party can log in first and access the system using the unsecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
</para>
</warning>
@@ -867,7 +827,8 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
continuation="restarts"
inheritnum="ignore">
<listitem>
- <para>A new line for <computeroutput>juan</computeroutput> is created in <filename>/etc/passwd</filename>. The line has the following characteristics:</para>
+ <para>A new line for <computeroutput>juan</computeroutput> is created in <filename>/etc/passwd</filename>.
+ <screen><code>juan:501:501::/home/juan:/bin/bash</code></screen>The line has the following characteristics:</para>
<itemizedlist>
<listitem>
<para>It begins with the username <computeroutput>juan</computeroutput>.</para>
@@ -876,7 +837,7 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
<para>There is an <computeroutput>x</computeroutput> for the password field indicating that the system is using shadow passwords.</para>
</listitem>
<listitem>
- <para>A UID greater than 499 is created. (Under &MAJOROS;, UIDs and GIDs below 500 are reserved for system use.)</para>
+ <para>A UID greater than 499 is created. (Under &MAJOROS;. UIDs and GIDs below 500 are reserved for system use ∧should not be assigned to users.</para>
</listitem>
<listitem>
<para>A GID greater than 499 is created.</para>
@@ -893,7 +854,8 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
</itemizedlist>
</listitem>
<listitem>
- <para>A new line for <computeroutput>juan</computeroutput> is created in <filename>/etc/shadow</filename>. The line has the following characteristics:</para>
+ <para>A new line for <computeroutput>juan</computeroutput> is created in <filename>/etc/shadow</filename>.
+ <screen><code>juan:!!:14798:0:99999:7:::</code></screen>The line has the following characteristics:</para>
<itemizedlist>
<listitem>
<para>It begins with the username <computeroutput>juan</computeroutput>.</para>
@@ -911,8 +873,7 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
</itemizedlist>
</listitem>
<listitem>
- <para>A new line for a group named <computeroutput>juan</computeroutput> is created in <filename>/etc/group</filename>. A group with the same name as a user is called a <firstterm>user private group</firstterm>. For more information on user private groups, refer to <xref
- linkend="s2-redhat-config-users-user-new"/>.</para>
+ <para>A new line for a group named <computeroutput>juan</computeroutput> is created in <filename>/etc/group</filename>.<screen><code>juan:x:501:</code></screen> A group with the same name as a user is called a <firstterm>user private group</firstterm>. For more information on user private groups, refer to <xref linkend="s2-redhat-config-users-user-new"/>.</para>
<para>The line created in <filename>/etc/group</filename> has the following characteristics:</para>
<itemizedlist>
<listitem>
@@ -927,7 +888,7 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
</itemizedlist>
</listitem>
<listitem>
- <para>A new line for a group named <computeroutput>juan</computeroutput> is created in <filename>/etc/gshadow</filename>. The line has the following characteristics:</para>
+ <para>A new line for a group named <computeroutput>juan</computeroutput> is created in <filename>/etc/gshadow</filename>.<screen><code>juan:!::</code></screen> The line has the following characteristics:</para>
<itemizedlist>
<listitem>
<para>It begins with the group name <computeroutput>juan</computeroutput>.</para>
@@ -941,10 +902,10 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
</itemizedlist>
</listitem>
<listitem>
- <para>A directory for user <computeroutput>juan</computeroutput> is created in the <filename>/home/</filename> directory. This directory is owned by user <computeroutput>juan</computeroutput> and group <computeroutput>juan</computeroutput>. However, it has read, write, and execute privileges <emphasis>only</emphasis> for the user <computeroutput>juan</computeroutput>. All other permissions are denied.</para>
+ <para>A directory for user <computeroutput>juan</computeroutput> is created in the <filename>/home/</filename> directory.<screen><code>ls -l /home</code><code>drwx------. 4 juan juan 4096 Jul 9 14:55 juan</code></screen> This directory is owned by user <computeroutput>juan</computeroutput> and group <computeroutput>juan</computeroutput>. It has <emphasis>read</emphasis>, <emphasis>write</emphasis>, and <emphasis>execute</emphasis> privileges <emphasis>only</emphasis> for the user <computeroutput>juan</computeroutput>. All other permissions are denied.</para>
</listitem>
<listitem>
- <para>The files within the <filename>/etc/skel/</filename> directory (which contain default user settings) are copied into the new <filename>/home/juan/</filename> directory.</para>
+ <para>The files within the <filename>/etc/skel/</filename> directory (which contain default user settings) are copied into the new <filename>/home/juan/</filename> directory.<screen><code></code></screen></para>
</listitem>
</orderedlist>
<para>At this point, a locked account called <computeroutput>juan</computeroutput> exists on the system. To activate it, the administrator must next assign a password to the account using the <command>passwd</command> command and, optionally, set password aging guidelines.</para>
@@ -2284,7 +2245,7 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
nfsnobody
</entry>
<entry>
- 65534
+ 4294967294
</entry>
<entry></entry>
</row>
@@ -2542,6 +2503,9 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
<command>chmod 2775 /usr/share/emacs/site-lisp</command>
</screen>
<para>At this point, because the default umask of each user is 002, all members of the <computeroutput>emacs</computeroutput> group can create and edit files in the <filename>/usr/share/emacs/site-lisp/</filename> directory without the administrator having to change file permissions every time users write new files.</para>
+ <para>The command <command>ls -l /usr/share/emacs/</command> displays the current settings:</para>
+ <screen><code>total 4</code>
+ <code>drwxrwsr-x. 2 root emacs 4096 May 18 15:41 site-lisp</code></screen>
</section>
</section>
<section
@@ -2558,7 +2522,7 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
<secondary>overview of</secondary>
</indexterm>
<para>In multiuser environments it is very important to use <firstterm>shadow passwords</firstterm> (provided by the <filename>shadow-utils</filename> package). Doing so enhances the security of system authentication files. For this reason, the installation program enables shadow passwords by default.</para>
- <para>The following lists the advantages pf shadow passwords have over the traditional way of storing passwords on UNIX-based systems:</para>
+ <para>The following list shows the advantages shadow passwords have over the traditional way of storing passwords on UNIX-based systems:</para>
<itemizedlist>
<listitem>
<para>Improves system security by moving encrypted password hashes from the world-readable <filename>/etc/passwd</filename> file to <filename>/etc/shadow</filename>, which is readable only by the root user.</para>
More information about the docs-commits
mailing list