Merge changes from the lenny branch:

svn merge svn://svn.debian.org/svn/pkg-shadow/debian/branches/lenny@2000 svn//svn.debian.org/svn/pkg-shadow/debian/branches/lenny@2271 svn://svn.debian.org/svn/pkg-shadow/debian/trunk
Previous changes moved to 4.1.2-1 (experimental).
This commit is contained in:
nekral-guest
2008-08-31 19:16:54 +00:00
parent 8d682b7f61
commit 2d5f7a20d7
22 changed files with 1518 additions and 23 deletions
+1 -1
View File
@@ -6,7 +6,7 @@ deb:: check_cheese
include /usr/share/quilt/quilt.debbuild.mk
check_cheese:
@dpkg-parsechangelog | grep -q "\* The \".*\" release\." || { \
@dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \
echo ""; \
echo " ** **"; \
echo " ** Warning: not a cheesy release! **"; \
+17
View File
@@ -0,0 +1,17 @@
This package uses quilt to patch the upstream source.
You can find some info on how to generate the patched source, add a new
modification, and remove an existing modification on:
/usr/share/doc/quilt/README.source
================================================================================
To package a new upstream release, you can use the Makefile:
svn://svn.debian.org/svn/pkg-shadow/debian/trunk/Makefile
================================================================================
A testsuite is also available. Instruction on how to run this testsuite
are available on:
svn://svn.debian.org/svn/pkg-shadow/debian/trunk/tests/README
+79 -2
View File
@@ -1,6 +1,6 @@
shadow (1:4.1.1-2) UNRELEASED; urgency=low
shadow (1:4.1.2-1) experimental; urgency=low
* The "Brie de Meaux" and "Brie de Melun" double cheese release.
* The "" release.
* debian/control: changed the "Replaces" on manpages-zh to a versioned
one on 1.5.1-1
* debian/control: drop all Replaces on manpages-* when the version is
@@ -12,6 +12,83 @@ shadow (1:4.1.1-2) UNRELEASED; urgency=low
-- Christian Perrier <bubulle@debian.org> Mon, 07 Apr 2008 23:00:26 +0200
shadow (1:4.1.1-4) unstable; urgency=low
* The "Rocamadour" release.
* debian/patches/302_remove_non_translated_polish_manpages,
debian/patches/series: Remove the (untranslated) su.1 and login.1 polish
translation. Closes: #491460
* debian/patches/506_relaxed_usernames: Document that the naming policy is
also used for the group names policy. Differentiate the Debian
constraints in a separate paragraph. Added documentation of the username
length restriction. Closes: #493230
* debian/patches/507_32char_grnames.dpatch: Update the documentation of the
group length restriction. Closes: #493230
* debian/login.pam: Replace the "multiple" option of pam_selinux by
"select_context". This requires PAM 1.0.1, but is commented.
Closes: #493181
* debian/patches/494_passwd_lock-no_account_lock: Fix typo (missing
parenthesis). Thanks to Moray Allan.
-- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Fri, 15 Aug 2008 12:36:15 -0300
shadow (1:4.1.1-3) unstable; urgency=low
* The "Morbier" release.
* debian/patches/302_vim_selinux_support: Add SE Linux support to vipw/vigr.
Thanks to Russell Coker. Closes: #491907
* debian/patches/494_passwd_lock-no_account_lock: Restore the previous
behavior of passwd -l (which changed in #389183): only lock the user's
password, not the user's account. Also explicitly document the
differences. This restores a behavior common with the previous versions of
passwd and with other implementations. Closes: #492307
* debian/patches/494_passwd_lock-no_account_lock: Add a reference to
usermod(8) in passwd(1). Closes: #412234
* debian/login.pam: Enforce a fail delay to avoid login brute-force.
Closes: #443322
* debian/login.pam: Indicate why the pam_securetty module is used as a
requisite module and mentions the possible drawbacks. Closes: #482352
* debian/login.defs: Do not mention the libpam-umask package (the module is
now provided by libpam-modules). Closes: #492410
* debian/patches/200_Czech_binary_translation: Updated Czech translation.
Thanks to Miroslav Kure. Closes: #482823
* debian/securetty.linux: Add the PA-RISC mux ports (ttyB0, ttyB1).
Closes: #488515
-- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Sat, 26 Jul 2008 10:12:46 +0200
shadow (1:4.1.1-2) unstable; urgency=low
* The "Brie de Meaux" and "Brie de Melun" double cheese release.
* Backported patches from upstream
- debian/patches/300_SHA_crypt_method:
This fixes bugs in the SHA encryption method that force the salt to have
8 bytes (instead of a random length between 8 and 16 bytes), and force
the number of SHA rounds to be equal to the lowest limit (at least 1000
SHA rounds).
- debian/patches/301_manpages_missing_options:
This add the missing documentation of options in useradd, groupadd, and
newusers.
* Tag patches already applied upstream
- debian/patches/487_passwd_chauthtok_failed_message
- debian/patches/406_vipw_resume_properly
- debian/patches/008_su_get_PAM_username
- debian/patches/491_configure.in_friendly_selinux_detection
- debian/patches/434_login_stop_checking_args_after--
- debian/patches/414_remove-unwise-advices
* Added description of new variables in /etc/login.defs:
- SYS_UID_MIN, SYS_UID_MAX, SYS_GID_MIN, SYS_GID_MAX
- ENCRYPT_METHOD
- SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS
* New Debian Policy:
- debian/control: Bump Standards-Version to 3.8.0 (no changes needed).
- debian/README.source: Document how to patch the upstream source, how to
use quilt, how to package a new upstream and how to use the testsuite.
* debian/patches/505_useradd_recommend_adduser: Fix typo: userdel is used to
remove an user, not to add one. Closes: #475795
-- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Fri, 13 Jun 2008 01:27:16 +0200
shadow (1:4.1.1-1) unstable; urgency=low
* New upstream release. This closes the following bugs:
+1 -1
View File
@@ -2,7 +2,7 @@ Source: shadow
Section: admin
Priority: required
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Standards-Version: 3.7.3.0
Standards-Version: 3.8.0
Uploaders: Christian Perrier <bubulle@debian.org>, Martin Quinson <mquinson@debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 5.0.0), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64], gnome-doc-utils (>= 0.4.3-1)
Vcs-Svn: svn://svn.debian.org/svn/pkg-shadow/debian/trunk
+38 -2
View File
@@ -140,8 +140,8 @@ TTYPERM 0600
# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
# user and alike.
#
# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
# as the solution which catches all these cases on PAM-enabled systems.
# Therefore the use of pam_umask is recommended as the solution which
# catches all these cases on PAM-enabled systems.
#
# This avoids the confusion created by having the umask set
# in two different places -- in login.defs and shell rc files (i.e.
@@ -176,12 +176,18 @@ PASS_WARN_AGE 7
#
UID_MIN 1000
UID_MAX 60000
# System accounts
#SYS_UID_MIN 100
#SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 100
GID_MAX 60000
# System accounts
#SYS_GID_MIN 100
#SYS_GID_MAX 999
#
# Max number of login retries if password is bad. This will most likely be
@@ -266,8 +272,38 @@ USERGROUPS_ENAB yes
#
# This variable is used by chpasswd, gpasswd and newusers.
#
# This variable is deprecated. You should use ENCRYPT_METHOD.
#
#MD5_CRYPT_ENAB no
#
# If set to MD5 , MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
# Overrides the MD5_CRYPT_ENAB option
#
# Note: It is recommended to use a value consistent with
# the PAM modules configuration.
#
#ENCRYPT_METHOD DES
#
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute forcing the password.
# But note also that it more CPU resources will be needed to authenticate
# users.
#
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
# SHA_CRYPT_MIN_ROUNDS 5000
# SHA_CRYPT_MAX_ROUNDS 5000
################# OBSOLETED BY PAM ##############
# #
# These options are now handled by PAM. Please #
+13 -1
View File
@@ -2,12 +2,24 @@
# The PAM configuration file for the Shadow `login' service
#
# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
# Note that it is included as a "requisite" module. No password prompts will
# be displayed if this module fails to avoid having the root password
# transmitted on unsecure ttys.
# You can change it to a "required" module if you think it permits to
# guess valid user names of your system (invalid user names are considered
# as possibly being root).
auth requisite pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
@@ -69,7 +81,7 @@ session optional pam_mail.so standard
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context.
# Uncomment the following line to enable SELinux
# session required pam_selinux.so multiple
# session required pam_selinux.so select_context
# Standard Un*x account and session
@include common-account
+18 -5
View File
@@ -1,9 +1,22 @@
Goal: ???
Goal: Retrieve the PAM username in case a module changed the PAM_USER
item.
Notes:
* It still needs more investigation.
I don't know what this patch is used for. IMO, the user name is
already known before calling pam_get_item(pamh, PAM_USER, ...)
According to Linux-PAM_ADG:
* Note, modules can change the values of PAM_USER and PAM_RUSER during
any of the pam_*() library calls. For this reason, the application
should take care to use the pam_get_item() every time it wishes to
establish who the authenticated user is (or will currently be).
PAM_USER description:
The username of the entity under whose identity service will be given. That
is, following authentication, PAM_USER identifies the local entity that
gets to use the service. Note, this value can be mapped from something
(eg., "anonymous") to something else (eg. "guest119") by any module in the
PAM stack. As such an application should consult the value of PAM_USER
after each call to a PAM function.
See also: https://www.redhat.com/archives/pam-list/2008-May/msg00009.html
Index: shadow-4.1.0/src/su.c
===================================================================
+822
View File
@@ -0,0 +1,822 @@
Goal: Update the Czech translation of the shadow programs
Fixes: #482823
Status wrt upstream: Still not applied.
Index: shadow-4.1.1/po/cs.po
===================================================================
--- shadow-4.1.1.orig/po/cs.po 2008-07-26 10:17:10.268439506 +0200
+++ shadow-4.1.1/po/cs.po 2008-07-26 10:17:33.285941161 +0200
@@ -1,13 +1,13 @@
# Czech translation of shadow-utils.
# Jiří Pavlovský <pavlovsk@ff.cuni.cz>, 1999-2000
-# Miroslav Kuře <kurem@debian.cz>, 2004-2006
+# Miroslav Kuře <kurem@debian.cz>, 2004-2008
#
msgid ""
msgstr ""
"Project-Id-Version: shadow 4.0.18\n"
"Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2008-04-03 00:42+0200\n"
-"PO-Revision-Date: 2007-11-24 18:00+0100\n"
+"POT-Creation-Date: 2008-03-18 00:08+0100\n"
+"PO-Revision-Date: 2008-05-25 12:30+0200\n"
"Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
"MIME-Version: 1.0\n"
@@ -20,10 +20,12 @@
msgid ""
"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
msgstr ""
+"Zjištěno několik záznamů pojmenovaných „%s“ v souboru %s. Napravte to prosím "
+"pomocí pwck nebo grpck.\n"
#, c-format
msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
+msgstr "typ šifry není knihovnou libcrypt podporován? (%s)\n"
msgid "Could not allocate space for config info.\n"
msgstr "Nemohu alokovat dostatek místa pro konfigurační údaje.\n"
@@ -31,7 +33,7 @@
#, c-format
msgid "configuration error - unknown item '%s' (notify administrator)\n"
msgstr ""
-"konfigurační chyba - neznámý předmět '%s' (informujte správce systému)\n"
+"konfigurační chyba - neznámá položka „%s“ (informujte správce systému)\n"
#, c-format
msgid "Warning: unknown group %s\n"
@@ -93,16 +95,14 @@
"%d selhání od posledního přihlášení.\n"
"Poslední: %s na %s.\n"
-#, fuzzy
msgid "Can't get unique UID (no more available UIDs)\n"
-msgstr "%s: nelze získat jedinečné UID\n"
+msgstr "Nelze získat jedinečné UID (další UID již nejsou dostupná)\n"
-#, fuzzy
msgid "Can't get unique GID (no more available GIDs)\n"
-msgstr "%s: nelze získat jedinečné GID\n"
+msgstr "Nelze získat jedinečné GID (další GID již nejsou dostupná)\n"
msgid "Too many logins.\n"
-msgstr "Příliš mnoho souběžných přihlášení.\n"
+msgstr "Příliš mnoho přihlášení.\n"
msgid "You have new mail."
msgstr "Máte novou poštu."
@@ -146,6 +146,9 @@
msgid "passwd: %s\n"
msgstr "passwd: %s\n"
+msgid "passwd: password unchanged\n"
+msgstr "passwd: heslo nebylo změněno\n"
+
msgid "passwd: password updated successfully\n"
msgstr "passwd: heslo bylo úspěšně změněno\n"
@@ -158,10 +161,12 @@
"Invalid ENCRYPT_METHOD value: '%s'.\n"
"Defaulting to DES.\n"
msgstr ""
+"Neplatná hodnota ENCRYPT_METHOD: „%s“.\n"
+"Používám DES.\n"
#, c-format
msgid "Unable to cd to '%s'\n"
-msgstr "Nelze přejít do \"%s\"\n"
+msgstr "Nelze přejít do „%s“\n"
msgid "No directory, logging in with HOME=/"
msgstr "Žádný adresář, nastavuji HOME na /"
@@ -172,14 +177,14 @@
#, c-format
msgid "Invalid root directory '%s'\n"
-msgstr "Chybný kořenový adresář \"%s\"\n"
+msgstr "Chybný kořenový adresář „%s“\n"
#, c-format
msgid "Can't change root directory to '%s'\n"
-msgstr "Nelze změnit kořenový adresář na \"%s\"\n"
+msgstr "Nelze změnit kořenový adresář na „%s“\n"
msgid "No utmp entry. You must exec \"login\" from the lowest level \"sh\""
-msgstr "utmp záznam neexistuje. Musíte spustit \"login\" z nejnižšího \"sh\""
+msgstr "utmp záznam neexistuje. Musíte spustit „login“ z nejnižšího „sh“"
msgid "Unable to determine your tty name."
msgstr "Nelze zjistit vaše uživatelské jméno."
@@ -283,7 +288,7 @@
#, c-format
msgid "%s: do not include \"l\" with other flags\n"
-msgstr "%s: nepoužívejte \"l\" s ostatními příznaky\n"
+msgstr "%s: nepoužívejte „l“ s ostatními příznaky\n"
#, c-format
msgid "%s: Permission denied.\n"
@@ -413,24 +418,36 @@
msgstr "Soubor s hesly nelze odemknout.\n"
#, c-format
+msgid "%s: name with non-ASCII characters: '%s'\n"
+msgstr "%s: jméno obsahuje jiné znaky než ASCII: „%s“\n"
+
+#, c-format
msgid "%s: invalid name: '%s'\n"
-msgstr "%s: chybné jméno: \"%s\"\n"
+msgstr "%s: chybné jméno: „%s“\n"
+
+#, c-format
+msgid "%s: room number with non-ASCII characters: '%s'\n"
+msgstr "%s: číslo místnosti obsahuje jiné znaky než ASCII: „%s“\n"
#, c-format
msgid "%s: invalid room number: '%s'\n"
-msgstr "%s: chybné číslo místnosti: \"%s\"\n"
+msgstr "%s: chybné číslo místnosti: „%s“\n"
#, c-format
msgid "%s: invalid work phone: '%s'\n"
-msgstr "%s: chybné telefonní číslo do zaměstnání: \"%s\"\n"
+msgstr "%s: chybné telefonní číslo do zaměstnání: „%s“\n"
#, c-format
msgid "%s: invalid home phone: '%s'\n"
-msgstr "%s: chybné telefonní číslo domů: \"%s\"\n"
+msgstr "%s: chybné telefonní číslo domů: „%s“\n"
+
+#, c-format
+msgid "%s: '%s' contains non-ASCII characters\n"
+msgstr "%s: „%s“ obsahuje jiné znaky než ASCII\n"
#, c-format
msgid "%s: '%s' contains illegal characters\n"
-msgstr "%s: \"%s\" obsahuje chybné znaky\n"
+msgstr "%s: „%s“ obsahuje chybné znaky\n"
#, c-format
msgid "%s: Cannot determine your user name.\n"
@@ -438,11 +455,11 @@
#, c-format
msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: uživatele \"%s\" nelze na NIS klientu změnit.\n"
+msgstr "%s: uživatele „%s“ nelze na NIS klientu změnit.\n"
#, c-format
msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: \"%s\" je hlavním NIS serverem pro tohoto klienta.\n"
+msgstr "%s: „%s“ je hlavním NIS serverem pro tohoto klienta.\n"
#, c-format
msgid "Changing the user information for %s\n"
@@ -452,7 +469,7 @@
msgid "%s: fields too long\n"
msgstr "%s: položka je příliš dlouhá\n"
-#, fuzzy, c-format
+#, c-format
msgid ""
"Usage: %s [options]\n"
"\n"
@@ -464,35 +481,36 @@
" the MD5 algorithm\n"
"%s\n"
msgstr ""
-"Použití: chpasswd [volby]\n"
+"Použití: %s [volby]\n"
"\n"
"Volby:\n"
+" -c, --crypt-method typ šifry (jeden z %s)\n"
" -e, --encrypted zadaná hesla jsou zašifrovaná\n"
" -h, --help zobrazí tuto nápovědu a skončí\n"
-" -m, --md5 pokud zadaná hesla nejsou zašifrovaná,\n"
-" použije místo DES algoritmus MD5\n"
-"\n"
+" -m, --md5 zašifruje nešifrované heslo\n"
+" algoritmem MD5\n"
+"%s\n"
msgid ""
" -s, --sha-rounds number of SHA rounds for the SHA*\n"
" crypt algorithms\n"
-msgstr ""
+msgstr " -s, --sha-rounds počet SHA iterací algoritmu SHA*\n"
#, c-format
msgid "%s: invalid numeric argument '%s'\n"
-msgstr "%s: chybný numerický argument \"%s\"\n"
+msgstr "%s: chybný numerický argument „%s“\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: %s flag is ONLY allowed with the %s flag\n"
-msgstr "%s: přepínač -a je povolen POUZE s přepínačem -G\n"
+msgstr "%s: přepínač %s je povolen POUZE s přepínačem %s\n"
#, c-format
msgid "%s: the -c, -e, and -m flags are exclusive\n"
-msgstr ""
+msgstr "%s: přepínače -c, -e a -m se navzájem vylučují\n"
#, c-format
msgid "%s: unsupported crypt method: %s\n"
-msgstr ""
+msgstr "%s: nepodporovaný typ šifry: %s\n"
#, c-format
msgid "%s: can't lock group file\n"
@@ -510,13 +528,13 @@
msgid "%s: can't open shadow file\n"
msgstr "%s: soubor se stínovými hesly nelze otevřít\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: error updating gshadow file\n"
-msgstr "%s: chyba při aktualizaci souboru se stínovými hesly\n"
+msgstr "%s: chyba při aktualizaci souboru se stínovými skupinami\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: error updating group file\n"
-msgstr "%s: položku souboru se skupinami nelze aktualizovat\n"
+msgstr "%s: chyba při aktualizaci souboru se skupinami\n"
#, c-format
msgid "%s: line %d: line too long\n"
@@ -530,9 +548,9 @@
msgid "%s: line %d: unknown group %s\n"
msgstr "%s: řádek %d: neznámá skupina %s\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: line %d: cannot update group entry\n"
-msgstr "%s: řádek %d: položku nelze aktualizovat\n"
+msgstr "%s: řádek %d: položku nelze aktualizovat skupinu\n"
#, c-format
msgid "%s: error detected, changes ignored\n"
@@ -640,7 +658,7 @@
#, c-format
msgid " [%lds left]"
-msgstr " [%lds zbylo]"
+msgstr " [%lds zbývá]"
#, c-format
msgid " [%lds lock]"
@@ -710,13 +728,13 @@
msgid "unknown group: %s\n"
msgstr "neznámá skupina %s\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: can't close file\n"
-msgstr "%s: nelze otevřít soubor\n"
+msgstr "%s: nelze zavřít soubor\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: can't close shadow file\n"
-msgstr "%s: soubor se stínovými hesly nelze otevřít\n"
+msgstr "%s: soubor se stínovými hesly nelze zavřít\n"
#, c-format
msgid "Changing the password for group %s\n"
@@ -754,7 +772,6 @@
msgid "%s: Not a tty\n"
msgstr "%s: Nejedná se o tty\n"
-#, fuzzy
msgid ""
"Usage: groupadd [options] GROUP\n"
"\n"
@@ -780,11 +797,13 @@
" -K, --key KLÍČ=HODNOTA přebije výchozí nastavení /etc/login.defs\n"
" -o, --non-unique povolí vytvoření skupiny s duplicitním\n"
" (nejedinečným) GID\n"
+" -p, --password HESLO pro novou skupinu použije šifrované heslo\n"
+" -r, --system vytvoří systémový účet\n"
"\n"
#, c-format
msgid "%s: error adding new group entry\n"
-msgstr "%s: chyba při přidávání položky souboru se skupinami\n"
+msgstr "%s: chyba při přidávání nové skupiny\n"
#, c-format
msgid "%s: %s is not a valid group name\n"
@@ -826,9 +845,9 @@
msgid "%s: GID %u is not unique\n"
msgstr "%s: GID %u není jedinečné\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: can't create group\n"
-msgstr "%s: %s nelze vytvořit\n"
+msgstr "%s: nelze vytvořit skupinu\n"
msgid "Usage: groupdel group\n"
msgstr "Použití: groupdel skupina\n"
@@ -887,7 +906,6 @@
msgid "Cannot close group file\n"
msgstr "Soubor se skupinami nelze zavřít\n"
-#, fuzzy
msgid ""
"Usage: groupmod [options] GROUP\n"
"\n"
@@ -908,6 +926,7 @@
" -n, --new-name NOVÁ_SKUPINA vnutí SKUPINĚ jméno NOVÁ_SKUPINA\n"
" -o, --non-unique povolí skupině použít duplicitní\n"
" (nejedinečné) GID\n"
+" -p, --password HESLO pro SKUPINU použije šifrované heslo\n"
"\n"
#, c-format
@@ -922,7 +941,7 @@
msgid "%s: %s is not a unique name\n"
msgstr "%s: jméno %s není jedinečné\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: cannot rewrite passwd file\n"
msgstr "%s: soubor s hesly nelze přepsat\n"
@@ -939,10 +958,12 @@
"%s: cannot change the primary group of user '%s' from %u to %u, since it is "
"not in the passwd file.\n"
msgstr ""
+"%s: nelze změnit primární skupinu uživatele „%s“ z %u na %u, protože se "
+"nenachází v souboru passwd.\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: cannot change the primary group of user '%s' from %u to %u.\n"
-msgstr "%s: uživatele \"%s\" nelze na NIS klientu změnit.\n"
+msgstr "%s: nelze změnit primární skupinu uživatele „%s“ z %u na %u.\n"
#, c-format
msgid "Usage: %s [-r] [-s] [group [gshadow]]\n"
@@ -974,14 +995,14 @@
#, c-format
msgid "delete line '%s'? "
-msgstr "smazat řádek \"%s\"?"
+msgstr "smazat řádek „%s“?"
msgid "duplicate group entry"
msgstr "tato položka se v souboru se skupinami vyskytuje vícekrát"
#, c-format
msgid "invalid group name '%s'\n"
-msgstr "jméno skupiny \"%s\" je chybné\n"
+msgstr "jméno skupiny „%s“ je chybné\n"
#, c-format
msgid "group %s: no user %s\n"
@@ -989,7 +1010,7 @@
#, c-format
msgid "delete member '%s'? "
-msgstr "smazat člena \"%s\"? "
+msgstr "smazat člena „%s“? "
#, c-format
msgid "no matching group file entry in %s\n"
@@ -997,7 +1018,7 @@
#, c-format
msgid "add group '%s' in %s ?"
-msgstr "přidat skupinu \"%s\" do %s ?"
+msgstr "přidat skupinu „%s“ do %s ?"
#, c-format
msgid "%s: can't update shadow entry for %s\n"
@@ -1019,7 +1040,7 @@
#, c-format
msgid "delete administrative member '%s'? "
-msgstr "smazat administrátora \"%s\"? "
+msgstr "smazat administrátora „%s“? "
#, c-format
msgid "shadow group %s: no user %s\n"
@@ -1095,9 +1116,9 @@
msgid "**Never logged in**"
msgstr "**Nikdy nebyl přihlášen**"
-#, fuzzy, c-format
+#, c-format
msgid "Unknown user or range: %s\n"
-msgstr "Neznámý uživatel: %s\n"
+msgstr "Neznámý uživatel nebo rozsah: %s\n"
#, c-format
msgid "lastlog: unexpected argument: %s\n"
@@ -1176,7 +1197,7 @@
#, c-format
msgid "TIOCSCTTY failed on %s"
-msgstr ""
+msgstr "TIOCSCTTY selhalo na %s"
msgid "Warning: login re-enabled after temporary lockout."
msgstr "Varování: po dočasném zákazu je přihlašování opět povoleno."
@@ -1206,13 +1227,12 @@
msgid "Usage: sg group [[-c] command]\n"
msgstr "Použití: sg skupina [[-c] příkaz]\n"
-#, fuzzy
msgid "Invalid password.\n"
-msgstr "Staré heslo: "
+msgstr "Neplatné heslo.\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: failure forking: %s\n"
-msgstr "%s: chyba rozdvojení: %s"
+msgstr "%s: chyba rozdvojení: %s\n"
#, c-format
msgid "unknown UID: %u\n"
@@ -1233,52 +1253,59 @@
" -r, --system create system accounts\n"
"%s\n"
msgstr ""
+"Použití: %s [volby] [vstup]\n"
+"\n"
+" -c, --crypt-method typ šifry (jeden z %s)\n"
+" -r, --system vytvoří systémové účty\n"
+"%s\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: group ID `%s' is not valid\n"
-msgstr "%s: skupina %s neexistuje\n"
+msgstr "%s: skupinové ID „%s“ není platné\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: invalid group name `%s'\n"
-msgstr "jméno skupiny \"%s\" je chybné\n"
+msgstr "%s: neplatné jméno skupiny „%s“\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: group %s is a shadow group, but does not exist in /etc/group\n"
-msgstr "%s: skupina %s neexistuje\n"
+msgstr "%s: skupina %s je stínovou skupinou, ale neexistuje v /etc/group\n"
#, c-format
msgid ""
"%s: group %s created, failure during the creation of the corresponding "
"gshadow group\n"
msgstr ""
+"%s: skupina %s byla vytvořena, ale nastala chyba při vytváření odpovídající "
+"stínové skupiny\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: user ID `%s' is not valid\n"
-msgstr "%s: uživatel %s neexistuje\n"
+msgstr "%s: uživatelské ID „%s“ není platné\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: user `%s' does not exist\n"
-msgstr "%s: uživatel %s neexistuje\n"
+msgstr "%s: uživatel „%s“ neexistuje\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: invalid user name `%s'\n"
-msgstr "%s: chybné uživatelské jméno \"%s\"\n"
+msgstr "%s: neplatné uživatelské jméno „%s“\n"
#, c-format
msgid "%s: can't lock /etc/passwd.\n"
msgstr "%s: soubor /etc/passwd nelze zamknout.\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: can't lock /etc/shadow.\n"
-msgstr "%s: soubor /etc/passwd nelze zamknout.\n"
+msgstr "%s: soubor /etc/shadow nelze zamknout.\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: can't lock /etc/group.\n"
-msgstr "%s: soubor /etc/passwd nelze zamknout.\n"
+msgstr "%s: soubor /etc/group nelze zamknout.\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: can't lock /etc/gshadow.\n"
-msgstr "%s: soubor /etc/passwd nelze zamknout.\n"
+msgstr "%s: soubor /etc/gshadow nelze zamknout.\n"
#, c-format
msgid "%s: can't open files\n"
@@ -1292,17 +1319,18 @@
msgid "%s: line %d: invalid line\n"
msgstr "%s: řádek %d: chybný řádek\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: cannot update the entry of user %s (not in the passwd database)\n"
-msgstr "%s: položku pro uživatele %s nelze aktualizovat\n"
+msgstr ""
+"%s: položku pro uživatele %s nelze aktualizovat (není v passwd databázi)\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: line %d: can't create user\n"
-msgstr "%s: řádek %d: nelze vytvořit GID\n"
+msgstr "%s: řádek %d: nelze vytvořit uživatele\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: line %d: can't create group\n"
-msgstr "%s: řádek %d: nelze vytvořit GID\n"
+msgstr "%s: řádek %d: nelze vytvořit skupinu\n"
#, c-format
msgid "%s: line %d: cannot find user %s\n"
@@ -1374,12 +1402,12 @@
msgid "Old password: "
msgstr "Staré heslo: "
-#, fuzzy, c-format
+#, c-format
msgid ""
"Enter the new password (minimum of %d characters)\n"
"Please use a combination of upper and lower case letters and numbers.\n"
msgstr ""
-"Zadejte nové heslo (počet znaků v intervalu %d až %d).\n"
+"Zadejte nové heslo (minimální délka %d znaků).\n"
"Použijte kombinaci velkých a malých písmen s číslicemi.\n"
#, c-format
@@ -1410,9 +1438,9 @@
msgid "The password for %s cannot be changed.\n"
msgstr "Heslo uživatele %s nelze změnit.\n"
-#, fuzzy, c-format
+#, c-format
msgid "The password for %s cannot be changed yet.\n"
-msgstr "Heslo uživatele %s nelze změnit.\n"
+msgstr "Heslo uživatele %s nelze zatím změnit.\n"
#, c-format
msgid "%s: out of memory\n"
@@ -1423,6 +1451,9 @@
"%s: unlocking the user would result in a passwordless account.\n"
"You should set a password with usermod -p to unlock this user account.\n"
msgstr ""
+"%s odemknutí uživatele by znamenalo mít účet bez hesla.\n"
+"Pro odemknutí tohoto uživatelského účtu byste měli nastavit heslo pomocí "
+"usermod -p.\n"
#, c-format
msgid "%s: repository %s not supported\n"
@@ -1430,7 +1461,7 @@
#, c-format
msgid "%s: %s is not authorized to change the password of %s\n"
-msgstr ""
+msgstr "%s: %s není oprávněn změnit heslo %s\n"
#, c-format
msgid "%s: You may not view or modify password information for %s.\n"
@@ -1483,7 +1514,7 @@
#, c-format
msgid "add user '%s' in %s? "
-msgstr "přidat uživatele \"%s\" do %s? "
+msgstr "přidat uživatele „%s“ do %s? "
#, c-format
msgid "%s: can't update passwd entry for %s\n"
@@ -1600,7 +1631,7 @@
msgstr "Soubor s hesly neexistuje"
msgid "TIOCSCTTY failed"
-msgstr ""
+msgstr "TIOCSCTTY selhalo"
msgid "No password entry for 'root'"
msgstr "V databázi není položka pro uživatele 'root'"
@@ -1639,13 +1670,12 @@
#, c-format
msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: skupina \"%s\" je NIS skupinou.\n"
+msgstr "%s: skupina „%s“ je NIS skupinou.\n"
#, c-format
msgid "%s: too many groups specified (max %d).\n"
msgstr "%s: zadáno příliš mnoho skupin (max %d).\n"
-#, fuzzy
msgid ""
"Usage: useradd [options] LOGIN\n"
"\n"
@@ -1701,39 +1731,46 @@
" -h, --help zobrazí tuto nápovědu a skončí\n"
" -k, --skel VZOR_ADR zadá alternativní vzorový adresář\n"
" -K, --key KLÍČ=HODNOTA přebije výchozí nastavení /etc/login.defs\n"
+" -l, nepřidá uživatele do databází lastlog\n"
+" a faillog\n"
" -m, --create-home vytvoří domovský adresář pro nový\n"
" uživatelský účet\n"
+" -N, --no-user-group nevytvoří skupinu se stejným jménem jako\n"
+" uživatel\n"
" -o, --non-unique povolí vytvoření uživatele s duplicitním\n"
" (nejedinečným) UID\n"
" -p, --password HESLO použije pro nový účet zadané zašifrované\n"
" heslo\n"
+" -r, --system vytvoří systémový účet\n"
" -s, --shell SHELL přihlašovací shell nového účtu\n"
" -u, --uid UID vynutí použití tohoto UID pro nový účet\n"
+" -U, --user-group vytvoří skupinu se stejným jménem jako\n"
+" uživatel\n"
"\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: Out of memory. Cannot update the group database.\n"
-msgstr "%s nedostatek paměti v update_group\n"
+msgstr "%s: Nedostatek paměti. Nelze aktualizovat databázi skupin.\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: Out of memory. Cannot update the shadow group database.\n"
-msgstr "%s: nedostatek paměti v update_gshadow\n"
+msgstr "%s: Nedostatek paměti. Nelze aktualizovat databázi stínových skupin.\n"
#, c-format
msgid "%s: invalid base directory '%s'\n"
-msgstr "%s: chybný základní adresář \"%s\"\n"
+msgstr "%s: chybný základní adresář „%s“\n"
#, c-format
msgid "%s: invalid comment '%s'\n"
-msgstr "%s: chybný komentář \"%s\"\n"
+msgstr "%s: chybný komentář „%s“\n"
#, c-format
msgid "%s: invalid home directory '%s'\n"
-msgstr "%s: chybný domácí adresář \"%s\"\n"
+msgstr "%s: chybný domácí adresář „%s“\n"
#, c-format
msgid "%s: invalid date '%s'\n"
-msgstr "%s: chybné datum \"%s\"\n"
+msgstr "%s: chybné datum „%s“\n"
#, c-format
msgid "%s: shadow passwords required for -e\n"
@@ -1745,19 +1782,19 @@
#, c-format
msgid "%s: invalid field '%s'\n"
-msgstr "%s: chybná položka \"%s\"\n"
+msgstr "%s: chybná položka „%s“\n"
#, c-format
msgid "%s: invalid shell '%s'\n"
-msgstr "%s: chybný shell \"%s\"\n"
+msgstr "%s: chybný shell „%s“\n"
#, c-format
msgid "%s: options %s and %s conflict\n"
-msgstr ""
+msgstr "%s: volby %s a %s kolidují\n"
#, c-format
msgid "%s: invalid user name '%s'\n"
-msgstr "%s: chybné uživatelské jméno \"%s\"\n"
+msgstr "%s: chybné uživatelské jméno „%s“\n"
#, c-format
msgid "%s: cannot rewrite password file\n"
@@ -1809,7 +1846,7 @@
msgid ""
"Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"
msgstr ""
-"Skupina \"mail\" nebyla nalezena. Vytvářím uživatelovu poštovní schránku s "
+"Skupina „mail“ nebyla nalezena. Vytvářím uživatelovu poštovní schránku s "
"právy 0600.\n"
msgid "Setting mailbox file permissions"
@@ -1826,9 +1863,9 @@
"%s: skupina %s existuje - chcete-li přidat uživatele do této skupiny, "
"použijte -g.\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: can't create user\n"
-msgstr "%s: %s nelze vytvořit\n"
+msgstr "%s: nelze vytvořit uživatele\n"
#, c-format
msgid "%s: UID %u is not unique\n"
@@ -1876,9 +1913,9 @@
"%s: Nemohu odstranit skupinu %s, která je primární skupinou jiného "
"uživatele.\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: error updating shadow group entry\n"
-msgstr "%s: položku souboru se skupinami nelze aktualizovat\n"
+msgstr "%s: chyba při aktualizaci stínové skupiny\n"
#, c-format
msgid "%s: cannot open group file\n"
@@ -1924,7 +1961,6 @@
msgid "%s: error removing directory %s\n"
msgstr "%s: chyba při mazání adresáře %s\n"
-#, fuzzy
msgid ""
"Usage: usermod [options] LOGIN\n"
"\n"
@@ -1954,8 +1990,6 @@
"Použití: usermod [volby] ÚČET\n"
"\n"
"Volby:\n"
-" -a, --append přidá uživatele do dalších SKUPIN\n"
-" (používejte jen s volbou -G)\n"
" -c, --comment KOMENTÁŘ nová hodnota pole GECOS\n"
" -d, --home-dir DOMOV_ADR nový domovský adresář uživatele\n"
" -e, --expiredate EXP_DATUM nastaví vypršení platnosti účtu na "
@@ -1964,6 +1998,8 @@
" -g, --gid SKUPINA nastaví novou primární SKUPINU\n"
" -G, --groups SKUPINY nový seznam dodatečných skupin, do kterých\n"
" má účet patřit\n"
+" -a, --append přidá uživatele do dalších SKUPIN zadaných\n"
+" volbou -G; neruší členství v ostatních sk.\n"
" -h, --help zobrazí tuto nápovědu a skončí\n"
" -l, --login NOVÝ_ÚČET nová hodnota přihlašovacího jména\n"
" -L, --lock zamkne uživatelský účet\n"
@@ -1977,9 +2013,9 @@
" -U, --unlock odemkne uživatelský účet\n"
"\n"
-#, fuzzy, c-format
+#, c-format
msgid "%s: error adding new shadow group entry\n"
-msgstr "%s: chyba při přidávání položky souboru se skupinami\n"
+msgstr "%s: chyba při přidávání nové stínové skupiny\n"
#, c-format
msgid "%s: no flags given\n"
@@ -1991,7 +2027,7 @@
#, c-format
msgid "%s: the -L, -p, and -U flags are exclusive\n"
-msgstr ""
+msgstr "%s: přepínače -L, -p a -U se navzájem vylučují\n"
#, c-format
msgid "%s: uid %lu is not unique\n"
@@ -2045,6 +2081,9 @@
"You may need to modify %s for consistency.\n"
"Please use the command `%s' to do so.\n"
msgstr ""
+"Změnili jste %s.\n"
+"Z důvodu konzistence byste měli změnit i %s.\n"
+"Můžete to provést příkazem „%s“.\n"
msgid ""
"Usage: vipw [options]\n"
@@ -2089,10 +2128,10 @@
#~ msgstr "%s: nelze získat jedinečné GID\n"
#~ msgid " on '%.100s' from '%.200s'"
-#~ msgstr " na \"%.100s\" z \"%.200s\""
+#~ msgstr " na „%.100s“ z „%.200s“"
#~ msgid " on '%.100s'"
-#~ msgstr " na \"%.100s\""
+#~ msgstr " na „%.100s“"
#~ msgid "%s: can't lock files, try again later\n"
#~ msgstr "%s: soubory nelze zamknout. Zkuste to opět později.\n"
@@ -2125,9 +2164,8 @@
#~ "\t\t\tpoužije místo DES algoritmus MD5\n"
#~ "\n"
-#, fuzzy
#~ msgid "No password.\n"
-#~ msgstr "Soubor s hesly neexistuje\n"
+#~ msgstr "Žádné heslo.\n"
#~ msgid "Usage: %s [input]\n"
#~ msgstr "Použití: %s [vstup]\n"
+36
View File
@@ -0,0 +1,36 @@
Goal: Fix bugs in the SHA encryption method that force the salt to have 8
bytes (instead of a random length between 8 and 16 bytes), and force
the number of SHA rounds to be equal to the lowest limit (at least
1000 SHA rounds).
Status wrt upstream: Already applied upstream.
Index: shadow-4.1.1/libmisc/salt.c
===================================================================
--- shadow-4.1.1.orig/libmisc/salt.c 2008-02-03 18:23:31.000000000 +0100
+++ shadow-4.1.1/libmisc/salt.c 2008-05-21 22:24:32.734281067 +0200
@@ -90,9 +90,10 @@
*/
static unsigned int SHA_salt_size (void)
{
- double rand_rounds = 9 * random ();
- rand_rounds /= RAND_MAX;
- return 8 + rand_rounds;
+ double rand_size;
+ seedRNG ();
+ rand_size = (double) 9.0 * random () / RAND_MAX;
+ return 8 + rand_size;
}
/* ! Arguments evaluated twice ! */
@@ -131,8 +132,8 @@
if (min_rounds > max_rounds)
max_rounds = min_rounds;
- srand (time (NULL));
- rand_rounds = (max_rounds-min_rounds+1) * random ();
+ seedRNG ();
+ rand_rounds = (double) (max_rounds-min_rounds+1.0) * random ();
rand_rounds /= RAND_MAX;
rounds = min_rounds + rand_rounds;
} else if (0 == *prefered_rounds)
+233
View File
@@ -0,0 +1,233 @@
Goal: Add missing documentation of options in useradd, groupadd and
newusers
Implement the -r, --system option of newusers (already documented in
--help, implemented in code, but missing getopt handling)
Status wrt upstream: Already applied.
Index: shadow-4.1.1/man/useradd.8.xml
===================================================================
--- shadow-4.1.1.orig/man/useradd.8.xml 2008-06-12 23:29:12.210795802 +0200
+++ shadow-4.1.1/man/useradd.8.xml 2008-06-12 23:29:12.258795502 +0200
@@ -189,23 +189,25 @@
</varlistentry>
<varlistentry>
<term>
- <option>-m</option>, <option>--create-home</option>
+ <option>-k</option>, <option>--skel</option>
+ <replaceable>SKEL_DIR</replaceable>
</term>
<listitem>
<para>
- The user's home directory will be created if it does not exist.
- The files contained in <replaceable>SKEL_DIR</replaceable> will
- be copied to the home directory if the <option>-k</option>
- option is used, otherwise the files contained in
- <filename>/etc/skel</filename> will be used instead. Any
- directories contained in <replaceable>SKEL_DIR</replaceable> or
- <filename>/etc/skel</filename> will be created in the user's
- home directory as well. The <option>-k</option> option is only
- valid in conjunction with the <option>-m</option> option. The
- default is to not create the directory and to not copy any
- files.
- This option may not function correctly if the username has a / in it.
+ The skeleton directory, which contains files and directories
+ to be copied in the user's home directory, when the home
+ directory is created by <command>useradd</command>.
+ </para>
+ <para>
+ This option is only valid if the <option>-m</option> (or
+ <option>--create-home</option>) option is specified.
</para>
+ <para>
+ If this option is not set, the skeleton directory is defined
+ in <filename>/etc/default/useradd</filename> or, by default,
+ <filename>/etc/skel</filename>.
+ </para>
+ <para>This option may not function correctly if the username has a / in it.</para>
</listitem>
</varlistentry>
<varlistentry>
@@ -255,6 +257,22 @@
</varlistentry>
<varlistentry>
<term>
+ <option>-m</option>, <option>--create-home</option>
+ </term>
+ <listitem>
+ <para>
+ Create the user's home directory if it does not exist.
+ The files and directories contained in the skeleton directory
+ (which can be defined with the <option>-k</option> option)
+ will be copied to the home directory.
+ </para>
+ <para>
+ By default, no home directories are created.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>-N</option>, <option>--no-user-group</option>
</term>
<listitem>
@@ -295,6 +313,25 @@
</varlistentry>
<varlistentry>
<term>
+ <option>-r</option>, <option>--system</option>
+ </term>
+ <listitem>
+ <para>
+ Create a system account.
+ </para>
+ <para>
+ System users will be created with no aging information in
+ <filename>/etc/shadow</filename>, and their numeric
+ identifiers are choosen in the
+ <option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option>
+ range, defined in <filename>login.defs</filename>, instead of
+ <option>UID_MIN</option>-<option>UID_MAX</option> (and their
+ <option>GID</option> counterparts for the creation of groups).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>-s</option>, <option>--shell</option>
<replaceable>SHELL</replaceable>
</term>
Index: shadow-4.1.1/man/groupadd.8.xml
===================================================================
--- shadow-4.1.1.orig/man/groupadd.8.xml 2008-02-25 22:14:56.000000000 +0100
+++ shadow-4.1.1/man/groupadd.8.xml 2008-06-12 23:29:12.258795502 +0200
@@ -126,6 +126,22 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>-r</option>, <option>--system</option>
+ </term>
+ <listitem>
+ <para>
+ Create a system group.
+ </para>
+ <para>
+ The numeric identifiers of new system groups are choosen in
+ the <option>SYS_GID_MIN</option>-<option>SYS_GID_MAX</option>
+ range, defined in <filename>login.defs</filename>, instead of
+ <option>GID_MIN</option>-<option>GID_MAX</option>.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
Index: shadow-4.1.1/man/newusers.8.xml
===================================================================
--- shadow-4.1.1.orig/man/newusers.8.xml 2008-02-25 22:14:56.000000000 +0100
+++ shadow-4.1.1/man/newusers.8.xml 2008-06-12 23:29:12.258795502 +0200
@@ -94,6 +94,68 @@
</para>
</refsect1>
+ <refsect1 id='options'>
+ <title>OPTIONS</title>
+ <para>The options which apply to the <command>newusers</command> command are:
+ </para>
+ <variablelist remap='IP'>
+ <varlistentry>
+ <term><option>-c</option>, <option>--crypt-method</option></term>
+ <listitem>
+ <para>Use the specified method to encrypt the passwords.</para>
+ <para>
+ The available methods are DES, MD5, NONE, and SHA256 or SHA512
+ if your libc support these methods.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-r</option>, <option>--system</option>
+ </term>
+ <listitem>
+ <para>
+ Create a system account.
+ </para>
+ <para>
+ System users will be created with no aging information in
+ <filename>/etc/shadow</filename>, and their numeric
+ identifiers are choosen in the
+ <option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option>
+ range, defined in <filename>login.defs</filename>, instead of
+ <option>UID_MIN</option>-<option>UID_MAX</option> (and their
+ <option>GID</option> counterparts for the creation of groups).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="sha_crypt">
+ <term><option>-s</option>, <option>--sha-rounds</option></term>
+ <listitem>
+ <para>
+ Use the specified number of rounds to encrypt the passwords.
+ </para>
+ <para>
+ The value 0 means that the system will choose the default
+ number of rounds for the crypt method (5000).
+ </para>
+ <para>
+ A minimal value of 1000 and a maximal value of 999,999,999
+ will be enforced.
+ </para>
+ <para>
+ You can only use this option with the SHA256 or SHA512
+ crypt method.
+ </para>
+ <para>
+ By default, the number of rounds is defined by the
+ SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+ <filename>/etc/login.defs</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
Index: shadow-4.1.1/src/newusers.c
===================================================================
--- shadow-4.1.1.orig/src/newusers.c 2008-06-12 23:34:34.859795564 +0200
+++ shadow-4.1.1/src/newusers.c 2008-06-12 23:38:33.290795654 +0200
@@ -443,6 +443,7 @@
static struct option long_options[] = {
{"crypt-method", required_argument, NULL, 'c'},
{"help", no_argument, NULL, 'h'},
+ {"system", no_argument, NULL, 'r'},
#ifdef USE_SHA_CRYPT
{"sha-rounds", required_argument, NULL, 's'},
#endif
@@ -451,9 +452,9 @@
while ((c = getopt_long (argc, argv,
#ifdef USE_SHA_CRYPT
- "c:hs:",
+ "c:hrs:",
#else
- "c:h",
+ "c:hr",
#endif
long_options, &option_index)) != -1) {
switch (c) {
@@ -464,6 +465,9 @@
case 'h':
usage ();
break;
+ case 'r':
+ rflg = 1;
+ break;
#ifdef USE_SHA_CRYPT
case 's':
sflg = 1;
@@ -0,0 +1,26 @@
Goal: Do not distribute the login.1 and su.1 Polish translations
Fixes: #491460
Status wrt upstream: Already applied
Index: shadow-4.1.1/man/pl/Makefile.am
===================================================================
--- shadow-4.1.1.orig/man/pl/Makefile.am
+++ shadow-4.1.1/man/pl/Makefile.am
@@ -20,7 +20,6 @@
grpconv.8 \
grpunconv.8 \
lastlog.8 \
- login.1 \
login.defs.5 \
logoutd.8 \
newgrp.1 \
@@ -32,7 +31,6 @@
pwunconv.8 \
sg.1 \
shadow.5 \
- su.1 \
suauth.5 \
useradd.8 \
userdel.8 \
+59
View File
@@ -0,0 +1,59 @@
Add SE Linux support to vipw/vigr
Fixes: #491907
Status wrt upsream: Still not applied.
Index: shadow-4.1.1/src/vipw.c
===================================================================
--- shadow-4.1.1.orig/src/vipw.c 2008-07-26 01:00:51.095214653 +0200
+++ shadow-4.1.1/src/vipw.c 2008-07-26 01:12:49.295214798 +0200
@@ -42,6 +42,10 @@
#include "sgroupio.h"
#include "shadowio.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+
#define MSG_WARN_EDIT_OTHER_FILE _( \
"You have modified %s.\n"\
"You may need to modify %s for consistency.\n"\
@@ -167,6 +171,22 @@
if (access (file, F_OK))
vipwexit (file, 1, 1);
+#ifdef WITH_SELINUX
+ /* if SE Linux is enabled then set the context of all new files
+ to be the context of the file we are editing */
+ if (is_selinux_enabled ()) {
+ security_context_t passwd_context=NULL;
+ int ret = 0;
+ if (getfilecon (file, &passwd_context) < 0) {
+ vipwexit (_("Couldn't get file context"), errno, 1);
+ }
+ ret = setfscreatecon (passwd_context);
+ freecon (passwd_context);
+ if (0 != ret) {
+ vipwexit (_("setfscreatecon () failed"), errno, 1);
+ }
+ }
+#endif
if (!file_lock ())
vipwexit (_("Couldn't lock file"), errno, 5);
filelocked = 1;
@@ -236,6 +256,14 @@
progname, file, strerror (errno), fileedit);
vipwexit (0, 0, 1);
}
+#ifdef WITH_SELINUX
+ /* unset the fscreatecon */
+ if (is_selinux_enabled ()) {
+ if (setfscreatecon (NULL)) {
+ vipwexit (_("setfscreatecon() failed"), errno, 1);
+ }
+ }
+#endif
(*file_unlock) ();
}
+1 -1
View File
@@ -4,7 +4,7 @@ Fix: #414542
Author: dean gaudet <dean@arctic.org>
Status wrt upstream: should be forwarded
Status wrt upstream: Fixed upstream
Index: shadow-4.1.0/src/vipw.c
===================================================================
+6 -4
View File
@@ -1,7 +1,7 @@
Goal: Remove quite unwise password choice advices in passwd manpage
Fixes: #386818
Status wrt upstream: Forwarded without patch but ignored up to now
Status wrt upstream: Applied upstream
Note:
@@ -9,14 +9,16 @@ Index: shadow-4.1.0/man/passwd.1.xml
===================================================================
--- shadow-4.1.0.orig/man/passwd.1.xml
+++ shadow-4.1.0/man/passwd.1.xml
@@ -114,35 +114,9 @@
@@ -113,36 +113,10 @@
</para>
<para>
Your password must be easily remembered so that you will not be forced
- Your password must be easily remembered so that you will not be forced
- to write it on a piece of paper. This can be accomplished by
- appending two small words together and separating each with a
- special character or digit. For example, Pass%word.
+ to write it on a piece of paper.
+ You can find advices on how to choose a strong password on
+ http://en.wikipedia.org/wiki/Password_strength
</para>
- <para>
+1 -3
View File
@@ -1,9 +1,7 @@
Goal: terminate argument validation in login when it hits a '--'.
Fixes: #66368
Status wrt upstream: It could certainly be submitted to upstream.
Upstream comment: "Better will be rewrite login
for use getopt_long()."
Status wrt upstream: Applied upstream.
Index: shadow-4.1.0/src/login.c
===================================================================
+1 -1
View File
@@ -4,7 +4,7 @@ Goal: Be more verbose and indicate that the password was not changed when
Fixes: #352137
Status wrt upstream: not forwarded yet
Status wrt upstream: Applied upstream.
Index: shadow-4.1.0/libmisc/pam_pass.c
===================================================================
+1 -1
View File
@@ -5,7 +5,7 @@ Fix: FTBFS on kfreebsd (and probably The Hurd)
Author: Mike Frysinger <vapier@gentoo.org>
Status wrt upstream: reported by Mike, not applied yet
Status wrt upstream: Fixed upstream.
Index: shadow-4.1.0/configure.in
===================================================================
+111
View File
@@ -0,0 +1,111 @@
Goal: Restore the behavior of passwd -l / passwd -u to only touch the
password field, not the account expiry. Better document the
differences between locked password and locked account.
Fixes: #492307 (and indirectly #412234).
Status wrt upstream: Still not applied.
Index: shadow-4.1.1/man/passwd.1.xml
===================================================================
--- shadow-4.1.1.orig/man/passwd.1.xml 2008-07-26 14:19:16.001439567 +0200
+++ shadow-4.1.1/man/passwd.1.xml 2008-07-26 16:08:30.562285434 +0200
@@ -197,9 +197,21 @@
</term>
<listitem>
<para>
- Lock the named account. This option disables an account by changing
- the password to a value which matches no possible encrypted value,
- and by setting the account expiry field to 1.
+ Lock the password of the named account. This option disables a password by changing
+ it to a value which matches no possible encrypted value
+ (it adds a '!' at the beginning of the password).
+ </para>
+ <para>
+ Note that this does not disable the account. The user may
+ still be able to login using another authentication token (e.g.
+ an SSH key).
+ To disable the account, administrators should use
+ <command>usermod --expiredate 1</command> (this set the account's
+ expire date to Jan 2, 1970).
+ </para>
+ <para>
+ Users with a locked password are not allowed to change their
+ password.
</para>
</listitem>
</varlistentry>
@@ -258,10 +270,9 @@
</term>
<listitem>
<para>
- Unlock the named account. This option re-enables an account by
- changing the password back to its previous value (to value before
- using <option>-l</option> option), and by resetting the account
- expiry field.
+ Unlock the password of the named account. This option re-enables a password by
+ changing the password back to its previous value (to the value before
+ using <option>-l</option> option, by removing the leading '!').
</para>
</listitem>
</varlistentry>
@@ -402,6 +413,9 @@
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
Index: shadow-4.1.1/src/passwd.c
===================================================================
--- shadow-4.1.1.orig/src/passwd.c 2008-07-26 14:19:02.809439918 +0200
+++ shadow-4.1.1/src/passwd.c 2008-07-26 16:17:14.104439588 +0200
@@ -76,11 +76,11 @@
eflg = 0, /* -e - force password change */
iflg = 0, /* -i - set inactive days */
kflg = 0, /* -k - change only if expired */
- lflg = 0, /* -l - lock account */
+ lflg = 0, /* -l - lock the user's password */
nflg = 0, /* -n - set minimum days */
qflg = 0, /* -q - quiet mode */
Sflg = 0, /* -S - show password status */
- uflg = 0, /* -u - unlock account */
+ uflg = 0, /* -u - unlock the user's password */
wflg = 0, /* -w - set warning days */
xflg = 0; /* -x - set maximum days */
@@ -155,13 +155,13 @@
" -k, --keep-tokens change password only if expired\n"
" -i, --inactive INACTIVE set password inactive after expiration\n"
" to INACTIVE\n"
- " -l, --lock lock the named account\n"
+ " -l, --lock lock the password of the named account\n"
" -n, --mindays MIN_DAYS set minimum number of days before password\n"
" change to MIN_DAYS\n"
" -q, --quiet quiet mode\n"
" -r, --repository REPOSITORY change password in REPOSITORY repository\n"
" -S, --status report password status on the named account\n"
- " -u, --unlock unlock the named account\n"
+ " -u, --unlock unlock the password of the named account\n"
" -w, --warndays WARN_DAYS set expiration warning days to WARN_DAYS\n"
" -x, --maxdays MAX_DAYS set maximim number of days before password\n"
" change to MAX_DAYS\n"
@@ -570,15 +570,6 @@
nsp->sp_inact = (inact * DAY) / SCALE;
if (do_update_age)
nsp->sp_lstchg = time ((time_t *) 0) / SCALE;
- if (lflg) {
- /* Set the account expiry field to 1.
- * Some PAM implementation consider zero as a non expired
- * account.
- */
- nsp->sp_expire = 1;
- }
- if (uflg)
- nsp->sp_expire = -1;
/*
* Force change on next login, like SunOS 4.x passwd -e or Solaris
+31 -1
View File
@@ -1,6 +1,8 @@
Goal: Relaxed usernames/groupnames checking patch.
Status wrt upstream: Debian specific. Not to be used upstream
The documentation of the username length restriction
was added upstream
Details:
Allows any non-empty user/grounames that don't contain ':' and '\n'
@@ -60,7 +62,7 @@ Index: shadow-4.1.0/man/useradd.8.xml
</para>
</listitem>
</varlistentry>
@@ -372,9 +373,13 @@
@@ -372,9 +373,18 @@
</para>
<para>
@@ -71,9 +73,37 @@ Index: shadow-4.1.0/man/useradd.8.xml
+ a lower case letter or an underscore, and are only followed by lower
+ case letters, digits, underscores, dashes, and optionally terminated by
+ a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
+ </para>
+ <para>
+ Usernames may only be up to 32 characters long.
</para>
</refsect1>
Index: shadow-4.1.1/man/groupadd.8.xml
===================================================================
--- shadow-4.1.1.orig/man/groupadd.8.xml 2008-08-15 09:07:37.033120372 -0300
+++ shadow-4.1.1/man/groupadd.8.xml 2008-08-15 09:10:24.961112507 -0300
@@ -170,9 +170,15 @@
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
- Groupnames must begin with a lower case letter or an underscore,
- and only lower case letters, underscores, dashes, and dollar signs
- may follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
+ It is usually recommended to only use usernames that begin with
+ a lower case letter or an underscore, and are only followed by lower
+ case letters, digits, underscores, dashes, and optionally terminated by
+ a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
</para>
<para>
Groupnames may only be up to 16 characters long.
+13
View File
@@ -49,3 +49,16 @@ Index: shadow-4.1.0/libmisc/chkname.c
return 0;
return good_name (name);
Index: shadow-4.1.1/man/groupadd.8.xml
===================================================================
--- shadow-4.1.1.orig/man/groupadd.8.xml
+++ shadow-4.1.1/man/groupadd.8.xml
@@ -175,7 +175,7 @@
may follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
</para>
<para>
- Groupnames may only be up to 16 characters long.
+ Groupnames may only be up to 32 characters long.
</para>
<para>
You may not add a NIS or LDAP group. This must be performed on the
+6
View File
@@ -28,3 +28,9 @@
406_vipw_resume_properly
414_remove-unwise-advices
415_login_put-echoctl-back
300_SHA_crypt_method
301_manpages_missing_options
302_vim_selinux_support
200_Czech_binary_translation
494_passwd_lock-no_account_lock
302_remove_non_translated_polish_manpages
+4
View File
@@ -19,6 +19,10 @@ ttyPSC3
ttyPSC4
ttyPSC5
# PA-RISC mux ports
ttyB0
ttyB1
# Standard hypervisor virtual console
hvc0