On Fri, Feb 11, 2022 at 07:14:27PM +0100, Markus Hiereth wrote: > Hi Serge, > > "Serge E. Hallyn" <se...@hallyn.com> wrote on 11 February 2022 at 18:13 > > > Thanks. The diff is especially helpful. Although a few of these hunks > > appear to be just changes to the line breaks. > > > > @@ -219,14 +221,17 @@ > > > </term> > > > <listitem> > > > <para> > > > - The number of days after a password expires until the account is > > > - permanently disabled. A value of 0 disables the account as soon > > > - as the password has expired, and a value of -1 disables the > > > - feature. > > > + defines the number of days after the password exceeded its > > > maximum > > > + age where the user is expected to replace this password. The > > > value > > > > How about 'number of days after the password exceeded its maximum > > age during which the user may login by immediately replacing this > > password. The value is stored in the shadow password file.' > > I also thought that there is something better than "where the user..."
Actually how about "may still login by..." > > > <para> > > > If not specified, <command>useradd</command> will use the > > > - default inactivity period specified by the > > > + default inactivity onset specified by the > > > > "onset" is weird here. > > I looked up in a dictionary: "onset is the first attack or beginning > (of something bad)" . There are similar usages: "onset of winter", a > "hard onset" in phonetics, in medicine they speak of the "onset" of a > disease. > > What do you think of "begin of inactivity"? > > You know I also suggested "grace period". But, expressing it this way, > the connection to inactivity gets lost. > > I really dislike "inactivity period" as the user does not define the > duration of inactivity but the number of days he will be able to do > something against a shift of his account into the inactive state. Grace period is good, actually. How about "grace period before the account becomes inactive"? > > > <option>INACTIVE</option> variable in > > > <filename>/etc/default/useradd</filename>, or -1 by default. > > > </para> > > > @@ -237,8 +242,9 @@ > > > <option>-g</option>, > > > <option>--gid</option> <replaceable>GROUP</replaceable> > > > </term> > > > <listitem> > > > + <!--MH35--> > > > > This i assume is leftover marker to be dropped. > > Sure. 
> > > > > @@ -398,10 +407,18 @@ > > > <option>-o</option>, <option>--non-unique</option> > > > </term> > > > <listitem> > > > - <para>Allow the creation of a user account with a duplicate > > > (non-unique) UID.</para> > > > + <para> > > > + allows the creation of an account with an already existing > > > + UID. > > > + </para> > > > <para> > > > This option is only valid in combination with the > > > - <option>-u</option> option. > > > + <option>-u</option> option. As a user identity > > > + serves as > > > + key to map between users on one hand and permissions, file > > > + ownerships and other aspects that determine the system's > > > + behavior on the other hand, more than one login name > > > + will access the account of the given UID. > > > </para> > > > </listitem> > > > </varlistentry> > > > @@ -410,14 +427,25 @@ > > > <option>-p</option>, > > > <option>--password</option> <replaceable>PASSWORD</replaceable> > > > </term> > > > <listitem> > > > + <!--MH37--> > > > Drop this? > > yes > > > > > @@ -488,11 +516,11 @@ > > > </term> > > > <listitem> > > > <para> > > > - The name of the user's login shell. The default is to leave this > > > - field blank, which causes the system to select the default login > > > - shell specified by the <option>SHELL</option> variable in > > > - <filename>/etc/default/useradd</filename>, or an empty string > > > - by default. > > > + sets the path to the user's login shell. Without this option, > > > + the system will use the <option>SHELL</option> variable > > > specified > > > + in <filename>/etc/default/useradd</filename>, or, if that is as > > > + well not set, the field for the login shell in <filename>/etc/passwd > > > + </filename>remains empty. > > > </para> > > > </listitem> > > > </varlistentry> 
> > > @@ -533,13 +561,16 @@ > > > </varlistentry> > > > <varlistentry> > > > <term> > > > - <option>-Z</option>, > > > <option>--selinux-user</option> <replaceable>SEUSER</replaceable> > > > + <option>-Z</option>, <option>--selinux > > > + -user</option> <replaceable>SEUSER</replaceable> > > > Is the line break here accidental? > > Yes. I did not care for line breaks. This is a case where it would be > better avoided or done in another way, without separation of --selinux-user. > > > > </term> > > > <listitem> > > > <para> > > > - The SELinux user for the user's login. The default is to leave this > > > - field blank, which causes the system to select the default SELinux > > > - user. > > > + defines the SELinux user for the new account. Without this > > > + option, a SELinux uses the default user. Note that the > > > > s/a SELinux/SELinux/ > > Yes. > > > > > > + shadow system doesn't store the selinux-user, it uses > > > + <citerefentry><refentrytitle>semanage</refentrytitle> > > > + <manvolnum>8</manvolnum></citerefentry> for that. > > > </para> > > > </listitem> > > > </varlistentry> > > > @@ -561,7 +592,7 @@ > > > </term> > > > <listitem> > > > <para> > > > - The path prefix for a new user's home directory. The > > > + The path prefix for new users' home directory. The > > > > the 'a' is more natural in English. > > No problem, use the singular > > > > > > @@ -578,7 +609,8 @@ > > > <option>-e</option>, > > > <option>--expiredate</option> <replaceable>EXPIRE_DATE</replaceable> > > > </term> > > > <listitem> > > > - <para>The date on which the user account is disabled.</para> > > > + <!--MH43--> > > All of these can be erased > > > > + <para>The date on which newly created user accounts are > > > disabled.</para> > > > <para> > > > This option sets the <option>EXPIRE</option> variable in > > > <filename>/etc/default/useradd</filename>. 
> > > @@ -590,9 +622,12 @@ > > > <option>-f</option>, > > > <option>--inactive</option> <replaceable>INACTIVE</replaceable> > > > </term> > > > <listitem> > > > + <!--MH44--><!--MH45--> > > > <para> > > > - The number of days after a password has expired before the > > > - account will be disabled. > > > + defines the number of days after the password exceeded its > > > maximum > > > + age where the user is expected to replace this password. > > > See <citerefentry> > > > > > maybe s/is expected to replace/is allowed to login after replacing/ ? > > I'm neutral. The first action of useradd is _forcing_ the user to > replace it. The consequence, i.e. the second effect, is, that he is > _allowed_ to work again with the system. Yes, I agree with that sentiment, it's just that the user's only forced to replace it if they want to login :) > > > + <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum> > > > + </citerefentry>for more information. > > > </para> > > > <para> > > > This option sets the <option>INACTIVE</option> variable in 
> > > @@ -605,13 +640,9 @@ > > > <option>-g</option>, > > > <option>--gid</option> <replaceable>GROUP</replaceable> > > > </term> > > > <listitem> > > > - <para> > > > - The group name or ID for a new user's initial group (when > > > - the <option>-N/--no-user-group</option> is used or when the > > > - <option>USERGROUPS_ENAB</option> variable is set to > > > - <replaceable>no</replaceable> in > > > - <filename>/etc/login.defs</filename>). The named > > > - group must exist, and a numerical group ID must have an > > > + <para>sets the default primary group for newly created users, > > > + accepting group names or a numerical group ID. The named > > > + group must exist, and the GID must have an > > > existing entry. > > > I think this should still point out that this default only applies > > when using --no-user-group/USERGROUPS_ENAB=no. > > I'm fine with re-inserting the parenthesis. > > With the exception of the "inactivity onset" "begin of inactivity" > "grace period" problem, I would be able to edit the xml-file. But I > think it spares you not much work. thanks, -serge
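
Review bot: In the -o/--non-unique hunk (@@ -398,10 +407,18 @@), the added sentence beginning "As a user identity serves as key to map between users ..." is hard to parse and stops short of the consequence an administrator needs: since, as the sentence itself says, permissions and file ownerships are keyed on the UID, every login name created with the same UID gets the same permissions and owns the same files. Suggest replacing the long sentence with one short statement of that effect instead of "more than one login name will access the account of the given UID".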
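
Review bot: In the -s/--shell hunk (@@ -488,11 +516,11 @@), the line break falls inside the filename element ("<filename>/etc/passwd" followed on the next line by "</filename>remains empty."), which puts whitespace inside the element and none between the closing tag and "remains". Suggest keeping "<filename>/etc/passwd</filename>" on one line, followed by a space. The clause "or, if that is as well not set" would also read better as "or, if that is not set either".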
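
Review bot: In the -f/--inactive hunk under @@ -590,9 +622,12 @@, the replacement text drops the outcome that the removed lines stated ("before the account will be disabled"), so the entry no longer says what happens once the days run out. Suggest keeping that clause next to the new wording about replacing the password. The added line "</citerefentry>for more information." also lacks a space after the closing tag, so the reference and "for" will run together when rendered.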