[Pkg-shadow-devel] Bug#1005253: Bug#1005253: Bug#1005253: shadow: Improved manual page useradd.8

Serge E. Hallyn serge at hallyn.com
Tue Feb 22 14:49:47 GMT 2022


On Fri, Feb 11, 2022 at 07:14:27PM +0100, Markus Hiereth wrote:
> Hi Serge,
> 
> "Serge E. Hallyn" <serge at hallyn.com> wrote on 11 February 2022 at 18:13
>  
> > Thanks.  The diff is especially helpful.  Although a few of these hunks
> > appear to be just changes to the line breaks.
> 
> > > @@ -219,14 +221,17 @@
> > >  	</term>
> > >  	<listitem>
> > >  	  <para>
> > > -	    The number of days after a password expires until the account is
> > > -	    permanently disabled. A value of 0 disables the account as soon
> > > -	    as the password has expired, and a value of -1 disables the
> > > -	    feature.
> > > +            defines the number of days after the password exceeded its maximum
> > > +            age where the user is expected to replace this password. The value
> > 
> > How about 'number of days after the password exceeded its maximum
> > age during which the user may login by immediately replacing this
> > password. The value is stored in the shadow password file.'
> 
> I also thought that there is something better than "where the user..."

Actually how about "may still login by..."

> > >  	  <para>
> > >  	    If not specified, <command>useradd</command> will use the
> > > -	    default inactivity period specified by the
> > > +	    default inactivity onset specified by the
> > 
> > "onset" is weird here.
> 
> I looked up in a dictionary: "onset is the first attack or beginning
> (of something bad)". There are similar usages: "onset of winter", a
> "hard onset" in phonetics, in medicine they speak of the "onset" of a
> disease.
> 
> What do you think of "begin of inactivity"?
> 
> You know I also suggested "grace period". But, expressing it this way,
> the connection to inactivity gets lost.
> 
> I really dislike "inactivity period" as the user does not define the
> duration of inactivity but the number of days he will be able to do
> something against a shift of his account into the inactive state.

Grace period is good, actually.  How about
	"grace period before the account becomes inactive"?

> > >  	    <option>INACTIVE</option> variable in
> > >  	    <filename>/etc/default/useradd</filename>, or -1 by default.
> > >  	  </para>
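Review bot: the removed lines spelled out the special values (0 disables the account as soon as the password has expired, -1 disables the feature), and the visible added lines starting at "defines the number of days" do not, although the following paragraph still ends with "or -1 by default". Keep a sentence stating what 0 and -1 mean so that default can be interpreted. The two added lines are also indented with spaces where the surrounding lines use tabs.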
> > > @@ -237,8 +242,9 @@
> > >  	  <option>-g</option>, <option>--gid</option> <replaceable>GROUP</replaceable>
> > >  	</term>
> > >  	<listitem>
> > > +	  <!--MH35-->
> > 
> > This I assume is leftover marker to be dropped.
> 
> Sure.
> 
> 
> > > @@ -398,10 +407,18 @@
> > >  	  <option>-o</option>, <option>--non-unique</option>
> > >  	</term>
> > >  	<listitem>
> > > -	  <para>Allow the creation of a user account with a duplicate (non-unique) UID.</para>
> > > +	  <para>
> > > +	    allows the creation of an account with an already existing
> > > +	    UID.
> > > +	  </para>
> > >  	  <para>
> > >  	    This option is only valid in combination with the
> > > -	    <option>-u</option> option.
> > > +	    <option>-u</option> option. As a user identity
> > > +	    serves as
> > > +	    key to map between users on one hand and permissions, file
> > > +	    ownerships and other aspects that determine the system's
> > > +	    behavior on the other hand, more than one login name
> > > +	    will access the account of the given UID.
> > >  	  </para>
> > >  	</listitem>
> > >        </varlistentry>
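Review bot: in the second paragraph, the added sentence "As a user identity serves as key to map ... more than one login name will access the account of the given UID" buries the consequence an administrator needs to see: login names created with a shared UID are one and the same user as far as permissions and file ownership are concerned. Suggest stating that directly in one short sentence right after the "-u" requirement, and dropping the "on one hand ... on the other hand" construction.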
> > > @@ -410,14 +427,25 @@
> > >  	  <option>-p</option>, <option>--password</option> <replaceable>PASSWORD</replaceable>
> > >  	</term>
> > >  	<listitem>
> > > +	  <!--MH37-->
>  
> > Drop this?
> 
> yes
> 
>  
> > > @@ -488,11 +516,11 @@
> > >  	</term>
> > >  	<listitem>
> > >  	  <para>
> > > -	    The name of the user's login shell. The default is to leave this
> > > -	    field blank, which causes the system to select the default login
> > > -	    shell specified by the <option>SHELL</option> variable in
> > > -	    <filename>/etc/default/useradd</filename>, or an empty string
> > > -	    by default.
> > > +            sets the path to the user's login shell. Without this option,
> > > +            the system will use the <option>SHELL</option> variable specified
> > > +	    in <filename>/etc/default/useradd</filename>, or, if that is as
> > > +	    well not set, the field for the login shell in <filename>/etc/passwd
> > > +	    </filename>remains empty.
> > >  	  </para>
> > >  	</listitem>
> > >        </varlistentry>
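Review bot: the added lines break inside the filename element ("<filename>/etc/passwd" on one line, "</filename>remains empty." on the next), which puts whitespace into the path and leaves no space between the closing tag and "remains". Keep "<filename>/etc/passwd</filename>" on one line followed by a space. "if that is as well not set" reads better as "if that is not set either", and the first two added lines are indented with spaces while the rest use tabs.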
> > > @@ -533,13 +561,16 @@
> > >        </varlistentry>
> > >        <varlistentry>
> > >  	<term>
> > > -	  <option>-Z</option>, <option>--selinux-user</option> <replaceable>SEUSER</replaceable>
> > > +	  <option>-Z</option>, <option>--selinux
> > > +	  -user</option> <replaceable>SEUSER</replaceable>
>  
> > Is the line break here accidental?
> 
> Yes. I did not care for line breaks. This is a case where it would be
> better avoided or done in another way, without separation of --selinux-user.
> 
> > >  	</term>
> > >  	<listitem>
> > >  	  <para>
> > > -	    The SELinux user for the user's login. The default is to leave this
> > > -	    field blank, which causes the system to select the default SELinux
> > > -	    user.
> > > +	    defines the SELinux user for the new account. Without this
> > > +	    option, a SELinux uses the default user. Note that the
> > 
> > s/a SELinux/SELinux/
> 
> Yes.
> 
> 
> 
> > > +	    shadow system doesn't store the selinux-user, it uses
> > > +	    <citerefentry><refentrytitle>semanage</refentrytitle>
> > > +	    <manvolnum>8</manvolnum></citerefentry> for that.
> > >  	  </para>
> > >  	</listitem>
> > >        </varlistentry>
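Review bot: the added note writes "selinux-user" where the first sentence of the same paragraph says "SELinux user"; use one spelling so the term is not read as an option or field name. "doesn't store the selinux-user, it uses" is also two sentences joined by a comma, so split it or join the halves with "but".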
> > > @@ -561,7 +592,7 @@
> > >  	  </term>
> > >  	  <listitem>
> > >  	    <para>
> > > -	      The path prefix for a new user's home directory. The
> > > +	      The path prefix for new users' home directory. The
> > 
> > the 'a' is more natural in English.
> 
> No problem, use the singular
> 
> 
> 
> > > @@ -578,7 +609,8 @@
> > >  	    <option>-e</option>, <option>--expiredate</option> <replaceable>EXPIRE_DATE</replaceable>
> > >  	  </term>
> > >  	  <listitem>
> > > -	    <para>The date on which the user account is disabled.</para>
> > > +	    <!--MH43-->
> 
> All of these can be erased
> 
> > > +	    <para>The date on which newly created user accounts are disabled.</para>
> > >  	    <para>
> > >  	      This option sets the <option>EXPIRE</option> variable in
> > >  	      <filename>/etc/default/useradd</filename>.
> > > @@ -590,9 +622,12 @@
> > >  	    <option>-f</option>, <option>--inactive</option> <replaceable>INACTIVE</replaceable>
> > >  	  </term>
> > >  	  <listitem>
> > > +	    <!--MH44--><!--MH45-->
> > >  	    <para>
> > > -	      The number of days after a password has expired before the
> > > -	      account will be disabled.
> > > +              defines the number of days after the password exceeded its maximum
> > > +              age where the user is expected to replace this password. See <citerefentry>
> > 
> 
> > maybe s/is expected to replace/is allowed to login after replacing/ ?
> 
> I'm neutral. The first action of useradd is _forcing_ the user to
> replace it. The consequence, i.e. the second effect, is, that he is
> _allowed_ to work again with the system.

Yes, I agree with that sentiment, it's just that the user's only forced
to replace it if they want to login :)

> > > +	      <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
> > > +              </citerefentry>for more information.
> > >  	    </para>
> > >  	    <para>
> > >  	      This option sets the <option>INACTIVE</option> variable in
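Review bot: "</citerefentry>for more information." has no space after the closing tag, so the reference to shadow(5) runs straight into "for"; add the space, and avoid ending the previous line on the opening "<citerefentry>" so no stray whitespace lands inside the reference. The "<!--MH44--><!--MH45-->" line and the space-indented added lines should be cleaned up in the same pass.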
> > > @@ -605,13 +640,9 @@
> > >  	    <option>-g</option>, <option>--gid</option> <replaceable>GROUP</replaceable>
> > >  	  </term>
> > >  	  <listitem>
> > > -	    <para>
> > > -	      The group name or ID for a new user's initial group (when
> > > -	      the <option>-N/--no-user-group</option> is used or when the
> > > -	      <option>USERGROUPS_ENAB</option> variable is set to
> > > -	      <replaceable>no</replaceable> in
> > > -	      <filename>/etc/login.defs</filename>). The named
> > > -	      group must exist, and a numerical group ID must have an
> > > +	    <para>sets the default primary group for newly created users,
> > > +	      accepting group names or a numerical group ID. The named
> > > +	      group must exist, and the GID must have an
> > >  	      existing entry.
>  
> > I think this should still point out that this default only applies
> > when using --no-user-group/USERGROUPS_ENAB=no.
> 
> I'm fine with re-inserting the parenthesis. 
> 
> With the exception of the "inactivity onset" "begin of inactivity"
> "grace period" problem, I would be able to edit the xml-file. But I
> think it spares you not much work.

thanks,
-serge


