source: chapter08/shadow.xml@ c232507

12.0 12.0-rc1 12.1 12.1-rc1 multilib renodr/libudev-from-systemd trunk xry111/arm64 xry111/arm64-12.0 xry111/clfs-ng xry111/loongarch xry111/loongarch-12.0 xry111/loongarch-12.1 xry111/mips64el xry111/update-glibc
Last change on this file since c232507 was c232507, checked in by Xi Ruoyao <xry111@…>, 11 months ago

shadow: Allow using bcrypt and yescrypt, and use yescrypt as the default

Yescrypt is the current default password hashing algorithm of Fedora
and Debian. See [1] for its advantage.

Now we have libxcrypt providing the implementation of bcrypt and
yescrypt, we can switch to yescrypt as well. We also don't need to
adjust the rounds for SHA512 anymore.

[1]:https://www.fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow#Detailed_Description
  • Property mode set to 100644
File size: 24.4 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-system-shadow" role="wrap">
9 <?dbhtml filename="shadow.html"?>
10
11 <sect1info condition="script">
12 <productname>shadow</productname>
13 <productnumber>&shadow-version;</productnumber>
14 <address>&shadow-url;</address>
15 </sect1info>
16
17 <title>Shadow-&shadow-version;</title>
18
19 <indexterm zone="ch-system-shadow">
20 <primary sortas="a-Shadow">Shadow</primary>
21 </indexterm>
22
23 <sect2 role="package">
24 <title/>
25
26 <para>The Shadow package contains programs for handling passwords in a secure
27 way.</para>
28
29 <segmentedlist>
30 <segtitle>&buildtime;</segtitle>
31 <segtitle>&diskspace;</segtitle>
32
33 <seglistitem>
34 <seg>&shadow-fin-sbu;</seg>
35 <seg>&shadow-fin-du;</seg>
36 </seglistitem>
37 </segmentedlist>
38
39 </sect2>
40
41 <sect2 role="installation">
42 <title>Installation of Shadow</title>
43
44 <note>
45 <para>If you would like to enforce the use of strong passwords, refer to
46 <ulink url="&blfs-book;postlfs/cracklib.html"/> for installing
47 CrackLib prior to building Shadow. Then add
48 <parameter>--with-libcrack</parameter> to the <command>configure</command>
49 command below.</para>
50 </note>
51
52 <para>Disable the installation of the <command>groups</command> program
53 and its man pages, as Coreutils provides a better version. Also,
54 prevent the installation of manual pages that were already installed in
55 <xref linkend="ch-system-man-pages"/>:</para>
56
57<screen><userinput remap="pre">sed -i 's/groups$(EXEEXT) //' src/Makefile.in
58find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
59find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \;
60find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;</userinput></screen>
61
62 <para id="shadow-login_defs">Instead of using the default
63 <emphasis>crypt</emphasis> method, use the much more secure
64 <emphasis>YESCRYPT</emphasis> method of password encryption, which also
65 allows passwords longer than 8 characters.
66 It is also necessary to change
67 the obsolete <filename class="directory">/var/spool/mail</filename> location
68 for user mailboxes that Shadow uses by default to the <filename
69 class="directory">/var/mail</filename> location used currently. And,
70 remove <filename class="directory">/bin</filename> and
71 <filename class="directory">/sbin</filename> from the <envar>PATH</envar>,
72 since they are simply symlinks to their counterparts in
73 <filename class="directory">/usr</filename>.</para>
74
75 <note>
76 <para>If you wish to include <filename class="directory">/bin</filename>
77 and/or <filename class="directory">/sbin</filename> in the <envar>PATH</envar>
78 for some reason, modify the
79 <envar>PATH</envar> in <filename>.bashrc</filename> after LFS has been
80 built.</para>
81 </note>
82
83<screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD YESCRYPT:' \
84 -e 's:/var/spool/mail:/var/mail:' \
85 -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
86 -i etc/login.defs</userinput></screen>
87
88 <note>
89 <para>If you chose to build Shadow with Cracklib support, issue this command:</para>
90
91<screen role="nodump"><userinput>sed -i 's:DICTPATH.*:DICTPATH\t/lib/cracklib/pw_dict:' etc/login.defs</userinput></screen>
92 </note>
93<!--
94 <para>Make a minor change to make the first group number generated
95 by useradd 1000:</para>
96
97<screen><userinput remap="pre">sed -i 's/1000/999/' etc/useradd</userinput></screen>
98-->
99<!--
100 <para>Fix a simple programming error by modifying a file with following command:</para>
101
102<screen><userinput remap="pre">sed -e "224s/rounds/min_rounds/" -i libmisc/salt.c</userinput></screen>
103-->
104 <para>Prepare Shadow for compilation:</para>
105
106<screen><userinput remap="configure">touch /usr/bin/passwd
107./configure --sysconfdir=/etc \
108 --disable-static \
109 --with-{b,yes}crypt \
110 --with-group-name-max-length=32</userinput></screen>
111
112 <variablelist>
113 <title>The meaning of the new configuration options:</title>
114
115 <varlistentry>
116 <term><command>touch /usr/bin/passwd</command></term>
117 <listitem>
118 <para>The file <filename>/usr/bin/passwd</filename> needs
119 to exist because its location is hardcoded in some programs;
120 if it does not already exist, the installation script will
121 create it in the wrong place.</para>
122 </listitem>
123 </varlistentry>
124
125 <varlistentry>
126 <term><parameter>--with-{b,yes}crypt</parameter></term>
127 <listitem>
128 <para>The shell expands this to two switches,
129 <parameter>--with-bcrypt</parameter> and
130 <parameter>--with-yescrypt</parameter>. They allow shadow to use
131 the Bcrypt and Yescrypt algorithms implemented by
132 <application>Libxcrypt</application> for hashing passwords.
133 These algorithms are more secure (in particular, much more
134 resistant to GPU-based attacks) than the traditional SHA
135 algorithms.</para>
136 </listitem>
137 </varlistentry>
138
139 <varlistentry>
140 <term><parameter>--with-group-name-max-length=32</parameter></term>
141 <listitem>
142 <para>The longest permissible user name is 32 characters. Make the maximum
143 length of a group name the same.</para>
144 </listitem>
145 </varlistentry>
146
147 </variablelist>
148
149 <para>Compile the package:</para>
150
151 <screen><userinput remap="make">make</userinput></screen>
152
153 <para>This package does not come with a test suite.</para>
154
155 <para>Install the package:</para>
156
157 <screen><userinput remap="install">make exec_prefix=/usr install
158make -C man install-man</userinput></screen>
159
160 </sect2>
161
162 <sect2 id="conf-shadow" role="configuration">
163 <title>Configuring Shadow</title>
164
165 <indexterm zone="conf-shadow">
166 <primary sortas="a-Shadow">Shadow</primary>
167 <secondary>configuring</secondary>
168 </indexterm>
169
170 <para>This package contains utilities to add, modify, and delete users and
171 groups; set and change their passwords; and perform other administrative
172 tasks. For a full explanation of what <emphasis>password shadowing</emphasis>
173 means, see the <filename>doc/HOWTO</filename> file within the unpacked
174 source tree. If you use Shadow support, keep in mind that programs which need
175 to verify passwords (display managers, FTP programs, pop3 daemons, etc.)
176 must be Shadow-compliant. That is, they must be able to work with
177 shadowed passwords.</para>
178
179 <para>To enable shadowed passwords, run the following command:</para>
180
181<screen><userinput>pwconv</userinput></screen>
182
183 <para>To enable shadowed group passwords, run:</para>
184
185<screen><userinput>grpconv</userinput></screen>
186
187 <para>Shadow's default configuration for the <command>useradd</command>
188 utility needs some explanation. First, the default
189 action for the <command>useradd</command> utility is to create the user and
190 a group with the same name as the user. By default the user ID (UID) and
191 group ID (GID) numbers will begin at 1000. This means if you don't pass
192 extra parameters to <command>useradd</command>, each user will be a member of a
193 unique group on the system. If this behavior is undesirable, you'll need
194 to pass either the <parameter>-g</parameter> or <parameter>-N</parameter>
195 parameter to <command>useradd</command>, or else change the setting of
196 <parameter>USERGROUPS_ENAB</parameter> in
197 <filename>/etc/login.defs</filename>. See <filename>useradd(8)</filename>
198 for more information.</para>
199
200 <para>Second, to change the default parameters, the file
201 <filename>/etc/default/useradd</filename> must be created and tailored
202 to suit your particular needs. Create it with:</para>
203
204<screen><userinput>mkdir -p /etc/default
205useradd -D --gid 999</userinput></screen>
206
207 <variablelist>
208 <title><filename>/etc/default/useradd</filename> parameter explanations</title>
209
210 <varlistentry>
211 <term><parameter>GROUP=999</parameter></term>
212 <listitem>
213 <para>This parameter sets the beginning of the group numbers used in
214 the <filename>/etc/group</filename> file. The particular value 999
215 comes from the <parameter>--gid</parameter> parameter above. You
216 may set it to any desired value.
217
218 Note that <command>useradd</command> will never reuse a UID or GID.
219 If the number identified in this parameter is used, it will use the
220 next available number. Note also that if you don't have a group with
221 an ID equal to this number on your system, then the first time you use
222 <command>useradd</command> without the <parameter>-g</parameter>
223 parameter, an error message will be generated&mdash;<computeroutput>useradd:
224 unknown GID 999</computeroutput>,
225 even though the account has been created correctly. That is why we
226 created the group <systemitem class="groupname">users</systemitem>
227 with this group ID in <xref linkend='ch-tools-createfiles'/>.</para>
228
229 </listitem>
230 </varlistentry>
231 <varlistentry>
232 <term><parameter>CREATE_MAIL_SPOOL=yes</parameter></term>
233 <listitem>
234 <para>This parameter causes <command>useradd</command> to create a
235 mailbox file for each new user. <command>useradd</command>
236 will assign the group ownership of this file to the
237 <systemitem class="groupname">mail</systemitem> group with 0660
238 permissions. If you would rather not create these files,
239 issue the following command:</para>
240
241<screen><userinput>sed -i '/MAIL/s/yes/no/' /etc/default/useradd</userinput></screen>
242 </listitem>
243 </varlistentry>
244
245 </variablelist>
246
247 </sect2>
248
249 <sect2 role="configuration">
250 <title>Setting the Root Password</title>
251
252 <para>Choose a password for user <emphasis>root</emphasis> and set it
253 by running:</para>
254
255<screen role="nodump"><userinput>passwd root</userinput></screen>
256
257 </sect2>
258
259 <sect2 id="contents-shadow" role="content">
260 <title>Contents of Shadow</title>
261
262 <segmentedlist>
263 <segtitle>Installed programs</segtitle>
264 <segtitle>Installed directories</segtitle>
265 <segtitle>Installed libraries</segtitle>
266
267 <seglistitem>
268 <seg>chage, chfn, chgpasswd, chpasswd, chsh, expiry, faillog,
269 getsubids, gpasswd, groupadd, groupdel, groupmems, groupmod, grpck,
270 grpconv, grpunconv, lastlog, login, logoutd, newgidmap, newgrp,
271 newuidmap, newusers, nologin, passwd, pwck, pwconv, pwunconv,
272 sg (link to newgrp), su, useradd, userdel, usermod,
273 vigr (link to vipw), and vipw</seg>
274 <seg>/etc/default and /usr/include/shadow</seg>
275 <seg>libsubid.so</seg>
276 </seglistitem>
277 </segmentedlist>
278
279 <variablelist>
280 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
281 <?dbfo list-presentation="list"?>
282 <?dbhtml list-presentation="table"?>
283
284 <varlistentry id="chage">
285 <term><command>chage</command></term>
286 <listitem>
287 <para>Used to change the maximum number of days between obligatory
288 password changes</para>
289 <indexterm zone="ch-system-shadow chage">
290 <primary sortas="b-chage">chage</primary>
291 </indexterm>
292 </listitem>
293 </varlistentry>
294
295 <varlistentry id="chfn">
296 <term><command>chfn</command></term>
297 <listitem>
298 <para>Used to change a user's full name and other information</para>
299 <indexterm zone="ch-system-shadow chfn">
300 <primary sortas="b-chfn">chfn</primary>
301 </indexterm>
302 </listitem>
303 </varlistentry>
304
305 <varlistentry id="chgpasswd">
306 <term><command>chgpasswd</command></term>
307 <listitem>
308 <para>Used to update group passwords in batch mode</para>
309 <indexterm zone="ch-system-shadow chgpasswd">
310 <primary sortas="b-chgpasswd">chgpasswd</primary>
311 </indexterm>
312 </listitem>
313 </varlistentry>
314
315 <varlistentry id="chpasswd">
316 <term><command>chpasswd</command></term>
317 <listitem>
318 <para>Used to update user passwords in batch mode</para>
319 <indexterm zone="ch-system-shadow chpasswd">
320 <primary sortas="b-chpasswd">chpasswd</primary>
321 </indexterm>
322 </listitem>
323 </varlistentry>
324
325 <varlistentry id="chsh">
326 <term><command>chsh</command></term>
327 <listitem>
328 <para>Used to change a user's default login shell</para>
329 <indexterm zone="ch-system-shadow chsh">
330 <primary sortas="b-chsh">chsh</primary>
331 </indexterm>
332 </listitem>
333 </varlistentry>
334
335 <varlistentry id="expiry">
336 <term><command>expiry</command></term>
337 <listitem>
338 <para>Checks and enforces the current password expiration policy</para>
339 <indexterm zone="ch-system-shadow expiry">
340 <primary sortas="b-expiry">expiry</primary>
341 </indexterm>
342 </listitem>
343 </varlistentry>
344
345 <varlistentry id="faillog">
346 <term><command>faillog</command></term>
347 <listitem>
348 <para>Is used to examine the log of login failures, to set a maximum
349 number of failures before an account is blocked, and to reset the
350 failure count</para>
351 <indexterm zone="ch-system-shadow faillog">
352 <primary sortas="b-faillog">faillog</primary>
353 </indexterm>
354 </listitem>
355 </varlistentry>
356
357 <varlistentry id="getsubids">
358 <term><command>getsubids</command></term>
359 <listitem>
360 <para>Is used to list the subordinate id ranges for a user</para>
361 <indexterm zone="ch-system-shadow getsubids">
362 <primary sortas="b-getsubids">getsubids</primary>
363 </indexterm>
364 </listitem>
365 </varlistentry>
366
367 <varlistentry id="gpasswd">
368 <term><command>gpasswd</command></term>
369 <listitem>
370 <para>Is used to add and delete members and administrators to
371 groups</para>
372 <indexterm zone="ch-system-shadow gpasswd">
373 <primary sortas="b-gpasswd">gpasswd</primary>
374 </indexterm>
375 </listitem>
376 </varlistentry>
377
378 <varlistentry id="groupadd">
379 <term><command>groupadd</command></term>
380 <listitem>
381 <para>Creates a group with the given name</para>
382 <indexterm zone="ch-system-shadow groupadd">
383 <primary sortas="b-groupadd">groupadd</primary>
384 </indexterm>
385 </listitem>
386 </varlistentry>
387
388 <varlistentry id="groupdel">
389 <term><command>groupdel</command></term>
390 <listitem>
391 <para>Deletes the group with the given name</para>
392 <indexterm zone="ch-system-shadow groupdel">
393 <primary sortas="b-groupdel">groupdel</primary>
394 </indexterm>
395 </listitem>
396 </varlistentry>
397
398 <varlistentry id="groupmems">
399 <term><command>groupmems</command></term>
400 <listitem>
401 <para>Allows a user to administer his/her own group membership list
402 without the requirement of super user privileges.</para>
403 <indexterm zone="ch-system-shadow groupmems">
404 <primary sortas="b-groupmems">groupmems</primary>
405 </indexterm>
406 </listitem>
407 </varlistentry>
408
409 <varlistentry id="groupmod">
410 <term><command>groupmod</command></term>
411 <listitem>
412 <para>Is used to modify the given group's name or GID</para>
413 <indexterm zone="ch-system-shadow groupmod">
414 <primary sortas="b-groupmod">groupmod</primary>
415 </indexterm>
416 </listitem>
417 </varlistentry>
418
419 <varlistentry id="grpck">
420 <term><command>grpck</command></term>
421 <listitem>
422 <para>Verifies the integrity of the group files
423 <filename>/etc/group</filename> and
424 <filename>/etc/gshadow</filename></para>
425 <indexterm zone="ch-system-shadow grpck">
426 <primary sortas="b-grpck">grpck</primary>
427 </indexterm>
428 </listitem>
429 </varlistentry>
430
431 <varlistentry id="grpconv">
432 <term><command>grpconv</command></term>
433 <listitem>
434 <para>Creates or updates the shadow group file from the normal
435 group file</para>
436 <indexterm zone="ch-system-shadow grpconv">
437 <primary sortas="b-grpconv">grpconv</primary>
438 </indexterm>
439 </listitem>
440 </varlistentry>
441
442 <varlistentry id="grpunconv">
443 <term><command>grpunconv</command></term>
444 <listitem>
445 <para>Updates <filename>/etc/group</filename> from
446 <filename>/etc/gshadow</filename> and then deletes the latter</para>
447 <indexterm zone="ch-system-shadow grpunconv">
448 <primary sortas="b-grpunconv">grpunconv</primary>
449 </indexterm>
450 </listitem>
451 </varlistentry>
452
453 <varlistentry id="lastlog">
454 <term><command>lastlog</command></term>
455 <listitem>
456 <para>Reports the most recent login of all users or of a
457 given user</para>
458 <indexterm zone="ch-system-shadow lastlog">
459 <primary sortas="b-lastlog">lastlog</primary>
460 </indexterm>
461 </listitem>
462 </varlistentry>
463
464 <varlistentry id="login">
465 <term><command>login</command></term>
466 <listitem>
467 <para>Is used by the system to let users sign on</para>
468 <indexterm zone="ch-system-shadow login">
469 <primary sortas="b-login">login</primary>
470 </indexterm>
471 </listitem>
472 </varlistentry>
473
474 <varlistentry id="logoutd">
475 <term><command>logoutd</command></term>
476 <listitem>
477 <para>Is a daemon used to enforce restrictions on log-on time
478 and ports</para>
479 <indexterm zone="ch-system-shadow logoutd">
480 <primary sortas="b-logoutd">logoutd</primary>
481 </indexterm>
482 </listitem>
483 </varlistentry>
484
485 <varlistentry id="newgidmap">
486 <term><command>newgidmap</command></term>
487 <listitem>
488 <para>Is used to set the gid mapping of a user namespace</para>
489 <indexterm zone="ch-system-shadow newgidmap">
490 <primary sortas="b-newgidmap">newgidmap</primary>
491 </indexterm>
492 </listitem>
493 </varlistentry>
494
495 <varlistentry id="newgrp">
496 <term><command>newgrp</command></term>
497 <listitem>
498 <para>Is used to change the current GID during a login session</para>
499 <indexterm zone="ch-system-shadow newgrp">
500 <primary sortas="b-newgrp">newgrp</primary>
501 </indexterm>
502 </listitem>
503 </varlistentry>
504
505 <varlistentry id="newuidmap">
506 <term><command>newuidmap</command></term>
507 <listitem>
508 <para>Is used to set the uid mapping of a user namespace</para>
509 <indexterm zone="ch-system-shadow newuidmap">
510 <primary sortas="b-newuidmap">newuidmap</primary>
511 </indexterm>
512 </listitem>
513 </varlistentry>
514
515 <varlistentry id="newusers">
516 <term><command>newusers</command></term>
517 <listitem>
518 <para>Is used to create or update an entire series of user
519 accounts</para>
520 <indexterm zone="ch-system-shadow newusers">
521 <primary sortas="b-newusers">newusers</primary>
522 </indexterm>
523 </listitem>
524 </varlistentry>
525
526 <varlistentry id="nologin">
527 <term><command>nologin</command></term>
528 <listitem>
529 <para>Displays a message saying an account is not available; it is designed
530 to be used as the default shell for disabled accounts</para>
531 <indexterm zone="ch-system-shadow nologin">
532 <primary sortas="b-nologin">nologin</primary>
533 </indexterm>
534 </listitem>
535 </varlistentry>
536
537 <varlistentry id="passwd">
538 <term><command>passwd</command></term>
539 <listitem>
540 <para>Is used to change the password for a user or group account</para>
541 <indexterm zone="ch-system-shadow passwd">
542 <primary sortas="b-passwd">passwd</primary>
543 </indexterm>
544 </listitem>
545 </varlistentry>
546
547 <varlistentry id="pwck">
548 <term><command>pwck</command></term>
549 <listitem>
550 <para>Verifies the integrity of the password files
551 <filename>/etc/passwd</filename> and
552 <filename>/etc/shadow</filename></para>
553 <indexterm zone="ch-system-shadow pwck">
554 <primary sortas="b-pwck">pwck</primary>
555 </indexterm>
556 </listitem>
557 </varlistentry>
558
559 <varlistentry id="pwconv">
560 <term><command>pwconv</command></term>
561 <listitem>
562 <para>Creates or updates the shadow password file from the normal
563 password file</para>
564 <indexterm zone="ch-system-shadow pwconv">
565 <primary sortas="b-pwconv">pwconv</primary>
566 </indexterm>
567 </listitem>
568 </varlistentry>
569
570 <varlistentry id="pwunconv">
571 <term><command>pwunconv</command></term>
572 <listitem>
573 <para>Updates <filename>/etc/passwd</filename> from
574 <filename>/etc/shadow</filename> and then deletes the latter</para>
575 <indexterm zone="ch-system-shadow pwunconv">
576 <primary sortas="b-pwunconv">pwunconv</primary>
577 </indexterm>
578 </listitem>
579 </varlistentry>
580
581 <varlistentry id="sg">
582 <term><command>sg</command></term>
583 <listitem>
584 <para>Executes a given command while the user's GID
585 is set to that of the given group</para>
586 <indexterm zone="ch-system-shadow sg">
587 <primary sortas="b-sg">sg</primary>
588 </indexterm>
589 </listitem>
590 </varlistentry>
591
592 <varlistentry id="su">
593 <term><command>su</command></term>
594 <listitem>
595 <para>Runs a shell with substitute user and group IDs</para>
596 <indexterm zone="ch-system-shadow su">
597 <primary sortas="b-su">su</primary>
598 </indexterm>
599 </listitem>
600 </varlistentry>
601
602 <varlistentry id="useradd">
603 <term><command>useradd</command></term>
604 <listitem>
605 <para>Creates a new user with the given name, or updates the default
606 new-user information</para>
607 <indexterm zone="ch-system-shadow useradd">
608 <primary sortas="b-useradd">useradd</primary>
609 </indexterm>
610 </listitem>
611 </varlistentry>
612
613 <varlistentry id="userdel">
614 <term><command>userdel</command></term>
615 <listitem>
616 <para>Deletes the specified user account</para>
617 <indexterm zone="ch-system-shadow userdel">
618 <primary sortas="b-userdel">userdel</primary>
619 </indexterm>
620 </listitem>
621 </varlistentry>
622
623 <varlistentry id="usermod">
624 <term><command>usermod</command></term>
625 <listitem>
626 <para>Is used to modify the given user's login name, user
627 identification (UID), shell, initial group, home directory, etc.</para>
628 <indexterm zone="ch-system-shadow usermod">
629 <primary sortas="b-usermod">usermod</primary>
630 </indexterm>
631 </listitem>
632 </varlistentry>
633
634 <varlistentry id="vigr">
635 <term><command>vigr</command></term>
636 <listitem>
637 <para>Edits the <filename>/etc/group</filename> or
638 <filename>/etc/gshadow</filename> files</para>
639 <indexterm zone="ch-system-shadow vigr">
640 <primary sortas="b-vigr">vigr</primary>
641 </indexterm>
642 </listitem>
643 </varlistentry>
644
645 <varlistentry id="vipw">
646 <term><command>vipw</command></term>
647 <listitem>
648 <para>Edits the <filename>/etc/passwd</filename> or
649 <filename>/etc/shadow</filename> files</para>
650 <indexterm zone="ch-system-shadow vipw">
651 <primary sortas="b-vipw">vipw</primary>
652 </indexterm>
653 </listitem>
654 </varlistentry>
655
656 <varlistentry id="libsubid">
657 <term><filename class='libraryfile'>libsubid</filename></term>
658 <listitem>
659 <para>library to handle subordinate id ranges for users and groups</para>
660 <indexterm zone="ch-system-shadow libsubid">
661 <primary sortas="c-libsubid">libsubid</primary>
662 </indexterm>
663 </listitem>
664 </varlistentry>
665
666 </variablelist>
667
668 </sect2>
669
670</sect1>
Note: See TracBrowser for help on using the repository browser.