[deployment-guide/comm-rel: 596/727] UsersGroups: indent the XML
Jaromir Hradilek
jhradile at fedoraproject.org
Tue Oct 19 13:15:30 UTC 2010
commit 4ceef5f1fd719697859e6fbaeb7328a92a40c8c1
Author: Douglas Silas <dhensley at redhat.com>
Date: Mon Sep 6 17:51:13 2010 +0200
UsersGroups: indent the XML
en-US/Users_and_Groups.xml | 489 ++++++++++++++++++++++++++------------------
1 files changed, 286 insertions(+), 203 deletions(-)
---
diff --git a/en-US/Users_and_Groups.xml b/en-US/Users_and_Groups.xml
index 4cca672..d69aa8c 100644
--- a/en-US/Users_and_Groups.xml
+++ b/en-US/Users_and_Groups.xml
@@ -142,7 +142,7 @@
</mediaobject>
</figure>
<para>To configure more advanced user properties, such as password expiration, modify the user's properties after adding the user.</para>
- <bridgehead>Modifying User Properties</bridgehead>
+ <bridgehead>Modifying User Properties</bridgehead>
<indexterm
significance="normal">
<primary>user configuration</primary>
@@ -352,7 +352,7 @@
<secondary>user</secondary>
</indexterm>
<para>If you prefer command line tools or do not have the X Window System installed, use following to configure users and groups.</para>
- <bridgehead>Adding a User</bridgehead>
+ <bridgehead>Adding a User</bridgehead>
<para>To add a user to the system:</para>
<indexterm
significance="normal">
@@ -530,292 +530,364 @@
</tbody>
</tgroup>
</table>
-<bridgehead>Adding a Group</bridgehead>
- <indexterm significance="normal">
- <primary>group configuration</primary>
- <secondary><command moreinfo="none">groupadd</command>
- </secondary>
- </indexterm>
- <indexterm significance="normal">
- <primary>adding</primary>
- <secondary>group</secondary>
- </indexterm>
- <para>
- To add a group to the system, use the command <command moreinfo="none">groupadd</command>:
+ <bridgehead>Adding a Group</bridgehead>
+ <indexterm
+ significance="normal">
+ <primary>group configuration</primary>
+ <secondary>
+ <command
+ moreinfo="none">groupadd</command>
+ </secondary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>adding</primary>
+ <secondary>group</secondary>
+ </indexterm>
+ <para>
+ To add a group to the system, use the command <command
+ moreinfo="none">groupadd</command>:
</para>
-<screen>
-<command moreinfo="none">groupadd <replaceable><group-name></replaceable></command>
-</screen>
- <para>
- Command line options for <command moreinfo="none">groupadd</command> are detailed in <xref linkend="table-groupadd-options"/>.
+ <screen>
+<command
+ moreinfo="none">groupadd <replaceable><group-name></replaceable>
+ </command>
+ </screen>
+ <para>
+ Command line options for <command
+ moreinfo="none">groupadd</command> are detailed in <xref
+ linkend="table-groupadd-options"/>.
</para>
- <table id="table-groupadd-options">
- <title><command moreinfo="none">groupadd</command> Command Line Options</title>
+ <table
+ id="table-groupadd-options">
+ <title>
+ <command
+ moreinfo="none">groupadd</command> Command Line Options</title>
- <tgroup cols="2">
- <colspec colnum="1" colname="option" colwidth="20*"></colspec>
+ <tgroup
+ cols="2">
+ <colspec
+ colnum="1"
+ colname="option"
+ colwidth="20*"></colspec>
- <colspec colnum="2" colname="description" colwidth="50*"></colspec>
- <thead><row>
- <entry>
+ <colspec
+ colnum="2"
+ colname="description"
+ colwidth="50*"></colspec>
+ <thead>
+ <row>
+ <entry>
Option
</entry>
- <entry>
+ <entry>
Description
</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>-f, --force</entry>
- <entry>When used with <option>-g</option> <replaceable><gid></replaceable> and <replaceable><gid></replaceable> already exists, <command>groupadd</command> will choose another unique <replaceable><gid></replaceable> for the group.</entry>
- </row>
- <row>
- <entry>
- <option>-g</option> <replaceable><gid></replaceable>
- </entry>
- <entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>-f, --force</entry>
+ <entry>When used with <option>-g</option>
+ <replaceable><gid></replaceable> and <replaceable><gid></replaceable> already exists, <command>groupadd</command> will choose another unique <replaceable><gid></replaceable> for the group.</entry>
+ </row>
+ <row>
+ <entry>
+ <option>-g</option>
+ <replaceable><gid></replaceable>
+ </entry>
+ <entry>
Group ID for the group, which must be unique and greater than 499
</entry>
- </row>
- <row>
- <entry><option>-K, --key KEY=VALUE</option></entry>
- <entry>override <code>/etc/login.defs</code> defaults</entry></row>
- <row>
- <entry><option>-o</option>, <option>--non-unique</option></entry>
- <entry>allow to create groups with duplicate</entry>
- </row>
- <row>
- <entry><option>-p</option>, <option>--password</option> <option>PASSWORD</option></entry>
- <entry>use this encrypted password for the new group</entry>
- </row>
- <row>
- <entry>
- <option>-r</option>
- </entry>
- <entry> Create a system group with a GID less than 500</entry>
- </row>
- </tbody>
- </tgroup>
- </table>
-<bridgehead>Password Aging</bridgehead>
- <indexterm significance="normal">
- <primary>password</primary>
- <secondary>expire</secondary>
- </indexterm>
- <indexterm significance="normal">
- <primary>password</primary>
- <secondary>aging</secondary>
- </indexterm>
- <indexterm significance="normal">
- <primary>expiration of password, forcing</primary>
- </indexterm>
- <indexterm significance="normal">
- <primary><command moreinfo="none">chage</command> command</primary>
- <secondary>forcing password expiration with</secondary>
- </indexterm>
- <indexterm significance="normal">
- <primary>user configuration</primary>
- <secondary>password</secondary>
- <tertiary>forcing expiration of</tertiary>
- </indexterm>
+ </row>
+ <row>
+ <entry>
+ <option>-K, --key KEY=VALUE</option>
+ </entry>
+ <entry>override <code>/etc/login.defs</code> defaults</entry>
+ </row>
+ <row>
+ <entry>
+ <option>-o</option>, <option>--non-unique</option>
+ </entry>
+ <entry>allow to create groups with duplicate</entry>
+ </row>
+ <row>
+ <entry>
+ <option>-p</option>, <option>--password</option>
+ <option>PASSWORD</option>
+ </entry>
+ <entry>use this encrypted password for the new group</entry>
+ </row>
+ <row>
+ <entry>
+ <option>-r</option>
+ </entry>
+ <entry> Create a system group with a GID less than 500</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <bridgehead>Password Aging</bridgehead>
+ <indexterm
+ significance="normal">
+ <primary>password</primary>
+ <secondary>expire</secondary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>password</primary>
+ <secondary>aging</secondary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>expiration of password, forcing</primary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>
+ <command
+ moreinfo="none">chage</command> command</primary>
+ <secondary>forcing password expiration with</secondary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>user configuration</primary>
+ <secondary>password</secondary>
+ <tertiary>forcing expiration of</tertiary>
+ </indexterm>
- <para>
- For security reasons, it is advisable to require users to change their passwords periodically. This can be done when adding or editing a user on the <guilabel moreinfo="none">Password Info</guilabel> tab of the <application>User Manager</application>.
+ <para>
+ For security reasons, it is advisable to require users to change their passwords periodically. This can be done when adding or editing a user on the <guilabel
+ moreinfo="none">Password Info</guilabel> tab of the <application>User Manager</application>.
</para>
- <para>
- To configure password expiration for a user from a shell prompt, use the <command moreinfo="none">chage</command> command with an option from <xref linkend="table-chage-options"/>, followed by the username.
+ <para>
+ To configure password expiration for a user from a shell prompt, use the <command
+ moreinfo="none">chage</command> command with an option from <xref
+ linkend="table-chage-options"/>, followed by the username.
</para>
- <important>
- <title>Important</title>
+ <important>
+ <title>Important</title>
- <para>
- Shadow passwords must be enabled to use the <command moreinfo="none">chage</command> command. For more information, see <xref linkend="s1-users-groups-shadow-utilities" />.
+ <para>
+ Shadow passwords must be enabled to use the <command
+ moreinfo="none">chage</command> command. For more information, see <xref
+ linkend="s1-users-groups-shadow-utilities" />.
</para>
- </important>
+ </important>
- <table id="table-chage-options">
- <title><command moreinfo="none">chage</command> Command Line Options</title>
+ <table
+ id="table-chage-options">
+ <title>
+ <command
+ moreinfo="none">chage</command> Command Line Options</title>
- <tgroup cols="2">
- <colspec colnum="1" colname="option" colwidth="20*"></colspec>
+ <tgroup
+ cols="2">
+ <colspec
+ colnum="1"
+ colname="option"
+ colwidth="20*"></colspec>
- <colspec colnum="2" colname="description" colwidth="50*"></colspec>
- <thead><row>
- <entry>
+ <colspec
+ colnum="2"
+ colname="description"
+ colwidth="50*"></colspec>
+ <thead>
+ <row>
+ <entry>
Option
</entry>
- <entry>
+ <entry>
Description
</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>
- <option>-d</option> <replaceable><days></replaceable>
- </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <option>-d</option>
+ <replaceable><days></replaceable>
+ </entry>
- <entry>
+ <entry>
Specifies the number of days since January 1, 1970 the password was changed
</entry>
- </row>
- <row>
- <entry>
- <option>-E</option> <replaceable><date></replaceable>
- </entry>
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-E</option>
+ <replaceable><date></replaceable>
+ </entry>
+ <entry>
Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.
</entry>
- </row>
- <row>
- <entry>
- <option>-I</option> <replaceable><days></replaceable>
- </entry>
+ </row>
+ <row>
+ <entry>
+ <option>-I</option>
+ <replaceable><days></replaceable>
+ </entry>
- <entry>
+ <entry>
Specifies the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.
</entry>
- </row>
- <row>
- <entry>
- <option>-l</option>
- </entry>
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-l</option>
+ </entry>
+ <entry>
Lists current account aging settings.
</entry>
- </row>
- <row>
- <entry>
- <option>-m</option> <replaceable><days></replaceable>
- </entry>
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-m</option>
+ <replaceable><days></replaceable>
+ </entry>
+ <entry>
Specify the minimum number of days after which the user must change passwords. If the value is 0, the password does not expire.
</entry>
- </row>
- <row>
- <entry>
- <option>-M</option> <replaceable><days></replaceable>
- </entry>
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-M</option>
+ <replaceable><days></replaceable>
+ </entry>
+ <entry>
Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the <option>-d</option> option is less than the current day, the user must change passwords before using the account.
</entry>
- </row>
- <row>
- <entry>
- <option>-W</option> <replaceable><days></replaceable>
- </entry>
+ </row>
+ <row>
+ <entry>
+ <option>-W</option>
+ <replaceable><days></replaceable>
+ </entry>
- <entry>
+ <entry>
Specifies the number of days before the password expiration date to warn the user.
</entry>
- </row>
- </tbody>
- </tgroup>
- </table>
- <note><title>Tip</title>
- <para>
- If the <command moreinfo="none">chage</command> command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed interactively.
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <note>
+ <title>Tip</title>
+ <para>
+ If the <command
+ moreinfo="none">chage</command> command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed interactively.
</para>
- </note>
+ </note>
- <para>
+ <para>
You can configure a password to expire the first time a user logs in. This forces users to change passwords immediately.
</para>
- <orderedlist inheritnum="ignore" continuation="restarts">
+ <orderedlist
+ inheritnum="ignore"
+ continuation="restarts">
- <listitem>
- <para>
- <emphasis>Set up an initial password</emphasis> — There are two common approaches to this step. The administrator can assign a default password or assign a null password.
+ <listitem>
+ <para>
+ <emphasis>Set up an initial password</emphasis> — There are two common approaches to this step. The administrator can assign a default password or assign a null password.
</para>
- <para>
+ <para>
To assign a default password, use the following steps:
</para>
- <itemizedlist>
- <listitem>
- <para>
- Start the command line Python interpreter with the <command moreinfo="none">python</command> command. It displays the following:
+ <itemizedlist>
+ <listitem>
+ <para>
+ Start the command line Python interpreter with the <command
+ moreinfo="none">python</command> command. It displays the following:
</para>
-<screen>
+ <screen>
Python 2.4.3 (#1, Jul 21 2006, 08:46:09)
[GCC 4.1.1 20060718 (Application Stack 4.1.1-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>></screen>
- </listitem>
+ </listitem>
- <listitem>
+ <listitem>
- <para>At the prompt, type the following commands. Replace <replaceable><password></replaceable> with the password to encrypt and <replaceable><salt></replaceable> with a random combination of at least 2 of the following: any alphanumeric character, the slash (/) character or a dot (.):
+ <para>At the prompt, type the following commands. Replace <replaceable><password></replaceable> with the password to encrypt and <replaceable><salt></replaceable> with a random combination of at least 2 of the following: any alphanumeric character, the slash (/) character or a dot (.):
</para>
-<screen>
-<command moreinfo="none">import crypt; print
+ <screen>
+<command
+ moreinfo="none">import crypt; print
crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt></replaceable>")</command>
-</screen>
+ </screen>
- <para>
- The output is the encrypted password, similar to <computeroutput moreinfo="none">'12CsGd8FRcMSM'</computeroutput>.
+ <para>
+ The output is the encrypted password, similar to <computeroutput
+ moreinfo="none">'12CsGd8FRcMSM'</computeroutput>.
</para>
- </listitem>
+ </listitem>
- <listitem>
- <para>
- Press <keycap moreinfo="none">Ctrl</keycap>-<keycap moreinfo="none">D</keycap> to exit the Python interpreter.
+ <listitem>
+ <para>
+ Press <keycap
+ moreinfo="none">Ctrl</keycap>-<keycap
+ moreinfo="none">D</keycap> to exit the Python interpreter.
</para>
- </listitem>
+ </listitem>
- <listitem>
- <para>
+ <listitem>
+ <para>
At the shell, enter the following command (replacing <replaceable><encrypted-password></replaceable> with the encrypted output of the Python interpreter):
</para>
-<screen>usermod -p "<replaceable><encrypted-password></replaceable>" <replaceable><username></replaceable></screen>
- </listitem>
- </itemizedlist>
+ <screen>usermod -p "<replaceable><encrypted-password></replaceable>" <replaceable><username></replaceable>
+ </screen>
+ </listitem>
+ </itemizedlist>
- <para>
+ <para>
Alternatively, you can assign a null password instead of an initial password. To do this, use the following command:
</para>
-<screen>usermod -p "" <replaceable>username</replaceable></screen>
- <warning>
- <title>Caution</title>
+ <screen>usermod -p "" <replaceable>username</replaceable>
+ </screen>
+ <warning>
+ <title>Caution</title>
- <para>
+ <para>
Using a null password, while convenient, is a highly unsecure practice, as any third party can log in first and access the system using the unsecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
</para>
- </warning>
- </listitem>
+ </warning>
+ </listitem>
- <listitem>
- <para>
- <emphasis>Force immediate password expiration</emphasis> — Type the following command:
+ <listitem>
+ <para>
+ <emphasis>Force immediate password expiration</emphasis> — Type the following command:
</para>
-<screen>chage -d 0 <replaceable>username</replaceable></screen>
- <para>
+ <screen>chage -d 0 <replaceable>username</replaceable>
+ </screen>
+ <para>
This command sets the value for the date the password was last changed to the epoch (January 1, 1970). This value forces immediate password expiration no matter what password aging policy, if any, is in place.
</para>
- </listitem>
- </orderedlist>
+ </listitem>
+ </orderedlist>
<para>
Upon the initial log in, the user is now prompted for a new password.
</para>
- </section>
-<section id="s2-redhat-config-users-process">
+ </section>
+ <section
+ id="s2-redhat-config-users-process">
<title>Explaining the Process</title>
<para>The following steps illustrate what happens if the command <command>useradd juan</command> is issued on a system that has shadow passwords enabled:</para>
<orderedlist
@@ -823,7 +895,8 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
inheritnum="ignore">
<listitem>
<para>A new line for <computeroutput>juan</computeroutput> is created in <filename>/etc/passwd</filename>.
- <screen><code>juan:x:501:501::/home/juan:/bin/bash</code></screen>The line has the following characteristics:</para>
+ <screen><code>juan:x:501:501::/home/juan:/bin/bash</code>
+ </screen>The line has the following characteristics:</para>
<itemizedlist>
<listitem>
<para>It begins with the username <computeroutput>juan</computeroutput>.</para>
@@ -850,7 +923,8 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
</listitem>
<listitem>
<para>A new line for <computeroutput>juan</computeroutput> is created in <filename>/etc/shadow</filename>.
- <screen><code>juan:!!:14798:0:99999:7:::</code></screen>The line has the following characteristics:</para>
+ <screen><code>juan:!!:14798:0:99999:7:::</code>
+ </screen>The line has the following characteristics:</para>
<itemizedlist>
<listitem>
<para>It begins with the username <computeroutput>juan</computeroutput>.</para>
@@ -868,7 +942,9 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
</itemizedlist>
</listitem>
<listitem>
- <para>A new line for a group named <computeroutput>juan</computeroutput> is created in <filename>/etc/group</filename>.<screen><code>juan:x:501:</code></screen> A group with the same name as a user is called a <firstterm>user private group</firstterm>. For more information on user private groups, refer to <xref linkend="s2-redhat-config-users-user-new"/>.</para>
+ <para>A new line for a group named <computeroutput>juan</computeroutput> is created in <filename>/etc/group</filename>.<screen><code>juan:x:501:</code>
+ </screen> A group with the same name as a user is called a <firstterm>user private group</firstterm>. For more information on user private groups, refer to <xref
+ linkend="s2-redhat-config-users-user-new"/>.</para>
<para>The line created in <filename>/etc/group</filename> has the following characteristics:</para>
<itemizedlist>
<listitem>
@@ -883,7 +959,8 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
</itemizedlist>
</listitem>
<listitem>
- <para>A new line for a group named <computeroutput>juan</computeroutput> is created in <filename>/etc/gshadow</filename>.<screen><code>juan:!::</code></screen> The line has the following characteristics:</para>
+ <para>A new line for a group named <computeroutput>juan</computeroutput> is created in <filename>/etc/gshadow</filename>.<screen><code>juan:!::</code>
+ </screen> The line has the following characteristics:</para>
<itemizedlist>
<listitem>
<para>It begins with the group name <computeroutput>juan</computeroutput>.</para>
@@ -897,10 +974,14 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
</itemizedlist>
</listitem>
<listitem>
- <para>A directory for user <computeroutput>juan</computeroutput> is created in the <filename>/home/</filename> directory.<screen><code>ls -l /home</code><code>drwx------. 4 juan juan 4096 Jul 9 14:55 juan</code></screen> This directory is owned by user <computeroutput>juan</computeroutput> and group <computeroutput>juan</computeroutput>. It has <emphasis>read</emphasis>, <emphasis>write</emphasis>, and <emphasis>execute</emphasis> privileges <emphasis>only</emphasis> for the user <computeroutput>juan</computeroutput>. All other permissions are denied.</para>
+ <para>A directory for user <computeroutput>juan</computeroutput> is created in the <filename>/home/</filename> directory.<screen><code>ls -l /home</code>
+ <code>drwx------. 4 juan juan 4096 Jul 9 14:55 juan</code>
+ </screen> This directory is owned by user <computeroutput>juan</computeroutput> and group <computeroutput>juan</computeroutput>. It has <emphasis>read</emphasis>, <emphasis>write</emphasis>, and <emphasis>execute</emphasis> privileges <emphasis>only</emphasis> for the user <computeroutput>juan</computeroutput>. All other permissions are denied.</para>
</listitem>
<listitem>
- <para>The files within the <filename>/etc/skel/</filename> directory (which contain default user settings) are copied into the new <filename>/home/juan/</filename> directory.<screen><code></code></screen></para>
+ <para>The files within the <filename>/etc/skel/</filename> directory (which contain default user settings) are copied into the new <filename>/home/juan/</filename> directory.<screen><code></code>
+ </screen>
+ </para>
</listitem>
</orderedlist>
<para>At this point, a locked account called <computeroutput>juan</computeroutput> exists on the system. To activate it, the administrator must next assign a password to the account using the <command>passwd</command> command and, optionally, set password aging guidelines.</para>
@@ -2499,8 +2580,10 @@ crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt
</screen>
<para>At this point, because the default umask of each user is 002, all members of the <computeroutput>emacs</computeroutput> group can create and edit files in the <filename>/usr/share/emacs/site-lisp/</filename> directory without the administrator having to change file permissions every time users write new files.</para>
<para>The command <command>ls -l /usr/share/emacs/</command> displays the current settings:</para>
- <screen><code>total 4</code>
-<code>drwxrwsr-x. 2 root emacs 4096 May 18 15:41 site-lisp</code></screen>
+ <screen>
+ <code>total 4</code>
+<code>drwxrwsr-x. 2 root emacs 4096 May 18 15:41 site-lisp</code>
+ </screen>
</section>
</section>
<section
More information about the docs-commits
mailing list