Hi Serge, "Serge E. Hallyn" <se...@hallyn.com> schrieb am 11. Februar 2022 um 18:13 > Thanks. The diff is especially helpful. Although a few of these hunks > appear to be just changes to the line breaks.
> > @@ -219,14 +221,17 @@ > > </term> > > <listitem> > > <para> > > - The number of days after a password expires until the account is > > - permanently disabled. A value of 0 disables the account as soon > > - as the password has expired, and a value of -1 disables the > > - feature. > > + defines the number of days after the password exceeded its > > maximum > > + age where the user is expected to replace this password. The > > value > > How about 'number of days after the password exceeded its maximum > age during which the user may login by immediately replacing this > password. The value is stored in the shadow password file.' I also thought that there is something better then "where the user..." > > <para> > > If not specified, <command>useradd</command> will use the > > - default inactivity period specified by the > > + default inactivity onset specified by the > > "onset" is weird here. I looked up in a dictionary: "onset is the first attack or beginning (of something bad)" . There are similar usages: "onset of winter", a "hard onset" in phonetics, in medicine they speak of the "onset" of a disease. What do you think of "begin of inactivity"? You know I also suggested "grace period". But, expressing it this way, the connection to inactivity gets lost. I really dislike "inactivity period" as the user does not define the duration of inactivity but the number of days he will be able to do something against a shift of his account into the inactive state. > > <option>INACTIVE</option> variable in > > <filename>/etc/default/useradd</filename>, or -1 by default. > > </para> > > @@ -237,8 +242,9 @@ > > <option>-g</option>, > > <option>--gid</option> <replaceable>GROUP</replaceable> > > </term> > > <listitem> > > + <!--MH35--> > > This i assume is leftover marker to be dropped. Sure. > > @@ -398,10 +407,18 @@ > > <option>-o</option>, <option>--non-unique</option> > > </term> > > <listitem> > > - <para>Allow the creation of a user account with a duplicate > > (non-unique) UID.</para> > > + <para> > > + allows the creation of an account with an already existing > > + UID. > > + </para> > > <para> > > This option is only valid in combination with the > > - <option>-u</option> option. > > + <option>-u</option> option. As a user identity > > + serves as > > + key to map between users on one hand and permissions, file > > + ownerships and other aspects that determine the system's > > + behavior on the other hand, more than one login name > > + will access the account of the given UID. > > </para> > > </listitem> > > </varlistentry> > > @@ -410,14 +427,25 @@ > > <option>-p</option>, > > <option>--password</option> <replaceable>PASSWORD</replaceable> > > </term> > > <listitem> > > + <!--MH37--> > Drop this? yes > > @@ -488,11 +516,11 @@ > > </term> > > <listitem> > > <para> > > - The name of the user's login shell. The default is to leave this > > - field blank, which causes the system to select the default login > > - shell specified by the <option>SHELL</option> variable in > > - <filename>/etc/default/useradd</filename>, or an empty string > > - by default. > > + sets the path to the user's login shell. Without this option, > > + the system will use the <option>SHELL</option> variable > > specified > > + in <filename>/etc/default/useradd</filename>, or, if that is as > > + well not set, the field for the login shell in <filename>/etc/passwd > > + </filename>remains empty. > > </para> > > </listitem> > > </varlistentry> > > @@ -533,13 +561,16 @@ > > </varlistentry> > > <varlistentry> > > <term> > > - <option>-Z</option>, > > <option>--selinux-user</option> <replaceable>SEUSER</replaceable> > > + <option>-Z</option>, <option>--selinux > > + -user</option> <replaceable>SEUSER</replaceable> > Is the line break here accidental? Yes. I did not care for line breaks. This is a case where it would be better avoided or done in another way, without separation of --selinux-user. > > </term> > > <listitem> > > <para> > > - The SELinux user for the user's login. The default is to leave this > > - field blank, which causes the system to select the default SELinux > > - user. > > + defines the SELinux user for the new account. Without this > > + option, a SELinux uses the default user. Note that the > > s/a SELinux/SELinux/ Yes. > > + shadow system doesn't store the selinux-user, it uses > > + <citerefentry><refentrytitle>semanage</refentrytitle> > > + <manvolnum>8</manvolnum></citerefentry> for that. > > </para> > > </listitem> > > </varlistentry> > > @@ -561,7 +592,7 @@ > > </term> > > <listitem> > > <para> > > - The path prefix for a new user's home directory. The > > + The path prefix for new users' home directory. The > > the 'a' is more natural in English. No problen, use the singular > > @@ -578,7 +609,8 @@ > > <option>-e</option>, > > <option>--expiredate</option> <replaceable>EXPIRE_DATE</replaceable> > > </term> > > <listitem> > > - <para>The date on which the user account is disabled.</para> > > + <!--MH43--> All of these can be be erased > > + <para>The date on which newly created user accounts are > > disabled.</para> > > <para> > > This option sets the <option>EXPIRE</option> variable in > > <filename>/etc/default/useradd</filename>. > > @@ -590,9 +622,12 @@ > > <option>-f</option>, > > <option>--inactive</option> <replaceable>INACTIVE</replaceable> > > </term> > > <listitem> > > + <!--MH44--><!--MH45--> > > <para> > > - The number of days after a password has expired before the > > - account will be disabled. > > + defines the number of days after the password exceeded its > > maximum > > + age where the user is expected to replace this password. See > > <citerefentry> > > maybe s/is expected to replace/is allowed to login after replacing/ ? I' neutral. The first action of useradd is _forcing_ the user to replace it. The consequece, i.e. the second effect, is, that he is _allowed_ to work again with the system. > > + <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum> > > + </citerefentry>for more information. > > </para> > > <para> > > This option sets the <option>INACTIVE</option> variable in > > @@ -605,13 +640,9 @@ > > <option>-g</option>, > > <option>--gid</option> <replaceable>GROUP</replaceable> > > </term> > > <listitem> > > - <para> > > - The group name or ID for a new user's initial group (when > > - the <option>-N/--no-user-group</option> is used or when the > > - <option>USERGROUPS_ENAB</option> variable is set to > > - <replaceable>no</replaceable> in > > - <filename>/etc/login.defs</filename>). The named > > - group must exist, and a numerical group ID must have an > > + <para>sets the default primary group for newly created users, > > + accepting group names or a numerical group ID. The named > > + group must exist, and the GID must have an > > existing entry. > I think this should still point out that this default only applies > when using --no-user-group/USERGROUPS_ENAB=no. I'm fine with re-inserting the parenthesis. With the exception of the "inactivity onset" "begin of inactivity" "grace period" problem, I would be able to edit the xml-file. But I think it spares you not much work. Best regards Markus _______________________________________________ Pkg-shadow-devel mailing list Pkg-shadow-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel