mirror of
https://github.com/shadow-maint/shadow.git
synced 2024-11-23 18:14:07 +08:00
a73d4aee75
Suggesting mode 2770 is dangerous because it makes the binary writeable by all members of the owning group which is supposed to be normal end-users. Suggest 2710 instead as is usual for s[ug]id binaries, allowing execution but neither reading nor writing. Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
258 lines
8.9 KiB
XML
258 lines
8.9 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
Copyright (c) 2000 , International Business Machines
|
|
George Kraft IV, gk4@us.ibm.com, 03/23/2000
|
|
Copyright (c) 2005 , Tomasz Kłoczko
|
|
Copyright (c) 2007 - 2011, Nicolas François
|
|
All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions
|
|
are met:
|
|
1. Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
3. The name of the copyright holders or contributors may not be used to
|
|
endorse or promote products derived from this software without
|
|
specific prior written permission.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
|
|
<!-- SHADOW-CONFIG-HERE -->
|
|
]>
|
|
<refentry id='groupmems.8'>
|
|
<!-- $Id$ -->
|
|
<refentryinfo>
|
|
<author>
|
|
<firstname>George</firstname>
|
|
<surname>Kraft</surname>
|
|
<lineage>IV</lineage>
|
|
<contrib>Creation, 2000</contrib>
|
|
</author>
|
|
<author>
|
|
<firstname>Thomas</firstname>
|
|
<surname>Kłoczko</surname>
|
|
<email>kloczek@pld.org.pl</email>
|
|
<contrib>shadow-utils maintainer, 2000 - 2007</contrib>
|
|
</author>
|
|
<author>
|
|
<firstname>Nicolas</firstname>
|
|
<surname>François</surname>
|
|
<email>nicolas.francois@centraliens.net</email>
|
|
<contrib>shadow-utils maintainer, 2007 - now</contrib>
|
|
</author>
|
|
</refentryinfo>
|
|
<refmeta>
|
|
<refentrytitle>groupmems</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
|
|
<refmiscinfo class="source">shadow-utils</refmiscinfo>
|
|
<refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
|
|
</refmeta>
|
|
<refnamediv id='name'>
|
|
<refname>groupmems</refname>
|
|
<refpurpose>administer members of a user's primary group</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv id='synopsis'>
|
|
<cmdsynopsis>
|
|
<command>groupmems</command>
|
|
<group choice='plain'>
|
|
<arg choice='plain'>-a <replaceable>user_name</replaceable></arg>
|
|
<arg choice='plain'>-d <replaceable>user_name</replaceable></arg>
|
|
<arg choice='opt'>-g <replaceable>group_name</replaceable></arg>
|
|
<arg choice='plain'>-l </arg><arg choice='plain'>-p </arg>
|
|
</group>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1 id='description'>
|
|
<title>DESCRIPTION</title>
|
|
<para>
|
|
The <command>groupmems</command> command allows a user to administer
|
|
their own group membership list without the requirement of
|
|
superuser privileges. The <command>groupmems</command> utility is for
|
|
systems that configure its users to be in their own name sake primary
|
|
group (i.e., guest / guest).
|
|
</para>
|
|
|
|
<para>Only the superuser, as administrator, can use
|
|
<command>groupmems</command> to alter the memberships of other groups.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='options'>
|
|
<title>OPTIONS</title>
|
|
<para>
|
|
The options which apply to the <command>groupmems</command> command
|
|
are:
|
|
</para>
|
|
<variablelist remap='IP'>
|
|
<varlistentry>
|
|
<term><option>-a</option>, <option>--add</option> <replaceable>user_name</replaceable></term>
|
|
<listitem>
|
|
<para>Add a user to the group membership list.</para>
|
|
<para condition="gshadow">
|
|
If the <filename>/etc/gshadow</filename> file exist, and the
|
|
group has no entry in the <filename>/etc/gshadow</filename>
|
|
file, a new entry will be created.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-d</option>, <option>--delete</option> <replaceable>user_name</replaceable></term>
|
|
<listitem>
|
|
<para>Delete a user from the group membership list.</para>
|
|
<para condition="gshadow">
|
|
If the <filename>/etc/gshadow</filename> file exist, the user
|
|
will be removed from the list of members and administrators of
|
|
the group.
|
|
</para>
|
|
<para condition="gshadow">
|
|
If the <filename>/etc/gshadow</filename> file exist, and the
|
|
group has no entry in the <filename>/etc/gshadow</filename>
|
|
file, a new entry will be created.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-g</option>, <option>--group</option> <replaceable>group_name</replaceable></term>
|
|
<listitem>
|
|
<para>The superuser can specify which group membership
|
|
list to modify.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-h</option>, <option>--help</option></term>
|
|
<listitem>
|
|
<para>Display help message and exit.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-l</option>, <option>--list</option></term>
|
|
<listitem>
|
|
<para>List the group membership list.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-p</option>, <option>--purge</option></term>
|
|
<listitem>
|
|
<para>Purge all users from the group membership list.</para>
|
|
<para condition="gshadow">
|
|
If the <filename>/etc/gshadow</filename> file exist, and the
|
|
group has no entry in the <filename>/etc/gshadow</filename>
|
|
file, a new entry will be created.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-R</option>, <option>--root</option> <replaceable>CHROOT_DIR</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Apply changes in the <replaceable>CHROOT_DIR</replaceable>
|
|
directory and use the configuration files from the
|
|
<replaceable>CHROOT_DIR</replaceable> directory.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='setup'>
|
|
<title>SETUP</title>
|
|
<para>
|
|
The <command>groupmems</command> executable should be in mode
|
|
<literal>2710</literal> as user <emphasis>root</emphasis> and in group
|
|
<emphasis>groups</emphasis>. The system administrator can add users to
|
|
group <emphasis>groups</emphasis> to allow or disallow them using the
|
|
<command>groupmems</command> utility to manage their own group
|
|
membership list.
|
|
</para>
|
|
|
|
<programlisting>
|
|
$ groupadd -r groups
|
|
$ chmod 2710 groupmems
|
|
$ chown root.groups groupmems
|
|
$ groupmems -g groups -a gk4
|
|
</programlisting>
|
|
</refsect1>
|
|
|
|
<refsect1 id='configuration'>
|
|
<title>CONFIGURATION</title>
|
|
<para>
|
|
The following configuration variables in
|
|
<filename>/etc/login.defs</filename> change the behavior of this
|
|
tool:
|
|
</para>
|
|
<variablelist>
|
|
&MAX_MEMBERS_PER_GROUP;
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='files'>
|
|
<title>FILES</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><filename>/etc/group</filename></term>
|
|
<listitem>
|
|
<para>Group account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry condition="gshadow">
|
|
<term><filename>/etc/gshadow</filename></term>
|
|
<listitem>
|
|
<para>secure group account information</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='see_also'>
|
|
<title>SEE ALSO</title>
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>.
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|