granicus.if.org Git - shadow/blob - man/gpasswd.1.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   3   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
   4 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
   5 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
   6 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
   7 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
   8 ]>
   9
  10 <refentry id='gpasswd.1'>
  11   <!-- $Id$ -->
  12   <refmeta>
  13     <refentrytitle>gpasswd</refentrytitle>
  14     <manvolnum>1</manvolnum>
  15     <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  16   </refmeta>
  17   <refnamediv id='name'>
  18     <refname>gpasswd</refname>
  19     <refpurpose>
  20       administer the <filename>/etc/group</filename>
  21       <phrase condition="gshadow">and <filename>/etc/gshadow</filename>
  22       files</phrase>
  23       <phrase condition="no_gshadow">file</phrase>
  24     </refpurpose>
  25   </refnamediv>
  26   <!-- body begins here -->
  27   <refsynopsisdiv id='synopsis'>
  28     <cmdsynopsis>
  29       <command>gpasswd</command>
  30       <arg choice='opt'>
  31         <replaceable>option</replaceable>
  32       </arg>
  33       <arg choice='plain'>
  34         <replaceable>group</replaceable>
  35       </arg>
  36     </cmdsynopsis>
  37   </refsynopsisdiv>
  38
  39   <refsect1 id='description'>
  40     <title>DESCRIPTION</title>
  41     <para>
  42       The <command>gpasswd</command> command is used to administer
  43       <filename>/etc/group</filename><phrase condition="gshadow">,
  44       and <filename>/etc/gshadow</filename></phrase>.
  45       Every group can have
  46       <phrase condition="gshadow">administrators,</phrase>
  47       members and a password.
  48     </para>
  49     <para condition="gshadow">
  50       System administrator can use the <option>-A</option> option to define
  51       group administrator(s) and the <option>-M</option> option to define
  52       members and has all rights of group administrators and members.
  53     </para>
  54     <para>
  55       <command>gpasswd</command> called by
  56       <phrase condition="gshadow">a group administrator</phrase>
  57       <phrase condition="no_gshadow">a system administrator</phrase>
  58       with a group name only prompts for the new password of the
  59       <replaceable>group</replaceable>.
  60     </para>
  61     <para>
  62       If a password is set the members can still <citerefentry>
  63       <refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
  64       </citerefentry> without a password, and non-members must supply the
  65       password.
  66     </para>
  67
  68     <refsect2 id='notes_about_group_passwords'>
  69       <title>Notes about group passwords</title>
  70       <para>
  71         Group passwords are an inherent security problem since more than one
  72         person is permitted to know the password. However, groups are a
  73         useful tool for permitting co-operation between different users.
  74       </para>
  75     </refsect2>
  76
  77   </refsect1>
  78
  79   <refsect1 id='options'>
  80     <title>OPTIONS</title>
  81     <para condition="gshadow">
  82       Except for the <option>-A</option> and <option>-M</option> options,
  83       the options cannot be combined.
  84     </para>
  85     <para condition="no_gshadow">
  86       The options cannot be combined.
  87     </para>
  88     <para>
  89       The options which apply to the <command>gpasswd</command> command are:
  90     </para>
  91     <variablelist remap='IP'>
  92       <varlistentry>
  93         <term>
  94           <option>-a</option>, <option>--add</option> <replaceable>user</replaceable>
  95         </term>
  96         <listitem>
  97           <para>
  98             Add the <replaceable>user</replaceable> to the named
  99             <replaceable>group</replaceable>.
 100           </para>
 101         </listitem>
 102       </varlistentry>
 103     </variablelist>
 104     <variablelist remap='IP'>
 105       <varlistentry>
 106         <term>
 107           <option>-d</option>, <option>--delete</option> <replaceable>user</replaceable>
 108         </term>
 109         <listitem>
 110           <para>
 111             Remove the <replaceable>user</replaceable> from the named
 112             <replaceable>group</replaceable>.
 113           </para>
 114         </listitem>
 115       </varlistentry>
 116     </variablelist>
 117     <variablelist remap='IP'>
 118       <varlistentry>
 119         <term>
 120           <option>-r</option>, <option>--remove-password</option>
 121         </term>
 122         <listitem>
 123           <para>
 124             Remove the password from the named <replaceable>group</replaceable>.
 125             Only group members will be allowed to use
 126             <command>newgrp</command> to join the named
 127             <replaceable>group</replaceable>.
 128           </para>
 129         </listitem>
 130       </varlistentry>
 131     </variablelist>
 132     <variablelist remap='IP'>
 133       <varlistentry>
 134         <term>
 135           <option>-R</option>, <option>--restrict</option>
 136         </term>
 137         <listitem>
 138           <para>
 139             Restrict the access to the named <replaceable>group</replaceable>.
 140             Only group members will be allowed to use
 141             <command>newgrp</command> to join the named
 142             <replaceable>group</replaceable>.
 143           </para>
 144         </listitem>
 145       </varlistentry>
 146     </variablelist>
 147     <variablelist remap='IP' condition="gshadow">
 148       <varlistentry>
 149         <term>
 150           <option>-A</option>, <option>--administrators</option> <replaceable>user</replaceable>,...
 151         </term>
 152         <listitem>
 153           <para>
 154             Set the list of administrative users.
 155           </para>
 156         </listitem>
 157       </varlistentry>
 158     </variablelist>
 159     <variablelist remap='IP'>
 160       <varlistentry>
 161         <term>
 162           <option>-M</option>, <option>--members</option> <replaceable>user</replaceable>,...
 163         </term>
 164         <listitem>
 165           <para>
 166             Set the list of group members.
 167           </para>
 168         </listitem>
 169       </varlistentry>
 170     </variablelist>
 171   </refsect1>
 172
 173   <refsect1 id='caveats'>
 174     <title>CAVEATS</title>
 175     <para>
 176       This tool only operates on the <filename>/etc/group</filename>
 177       <phrase condition="gshadow"> and <filename>/etc/gshadow</filename>
 178       files.</phrase>
 179       <phrase condition="no_gshadow">file.</phrase>
 180       Thus you cannot change any NIS or LDAP group. This must be performed
 181       on the corresponding server.
 182     </para>
 183   </refsect1>
 184
 185   <refsect1 id='configuration'>
 186     <title>CONFIGURATION</title>
 187     <para>
 188       The following configuration variables in
 189       <filename>/etc/login.defs</filename> change the behavior of this
 190       tool:
 191     </para>
 192     <variablelist>
 193       &ENCRYPT_METHOD;
 194       &MAX_MEMBERS_PER_GROUP;
 195       &MD5_CRYPT_ENAB;
 196       &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
 197     </variablelist>
 198   </refsect1>
 199
 200   <refsect1 id='files'>
 201     <title>FILES</title>
 202     <variablelist>
 203       <varlistentry>
 204         <term><filename>/etc/group</filename></term>
 205         <listitem>
 206           <para>Group account information.</para>
 207         </listitem>
 208       </varlistentry>
 209       <varlistentry condition="gshadow">
 210         <term><filename>/etc/gshadow</filename></term>
 211         <listitem>
 212           <para>Secure group account information.</para>
 213         </listitem>
 214       </varlistentry>
 215     </variablelist>
 216   </refsect1>
 217
 218   <refsect1 id='see_also'>
 219     <title>SEE ALSO</title>
 220     <para>
 221       <citerefentry>
 222         <refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
 223       </citerefentry>,
 224       <citerefentry>
 225         <refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
 226       </citerefentry>,
 227       <citerefentry>
 228         <refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
 229       </citerefentry>,
 230       <citerefentry>
 231         <refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
 232       </citerefentry>,
 233       <citerefentry>
 234         <refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum>
 235       </citerefentry>,
 236       <citerefentry>
 237         <refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
 238       </citerefentry><phrase condition="gshadow">,
 239       <citerefentry>
 240         <refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
 241       </citerefentry></phrase>.
 242     </para>
 243   </refsect1>
 244 </refentry>