GPASSWD(1) | 用户命令 | GPASSWD(1) |
名称¶
gpasswd - administer /etc/group and /etc/gshadow
大纲¶
gpasswd [选项] group
描述¶
The gpasswd command is used to administer /etc/group, and /etc/gshadow. Every group can have administrators, members and a password.
System administrators can use the -A option to define group administrator(s) and the -M option to define members. They have all rights of group administrators and members.
gpasswd called by a group administrator with a group name only prompts for the new password of the group.
If a password is set the members can still use newgrp(1) without a password, and non-members must supply the password.
请注意组密码¶
Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.
选项¶
Except for the -A and -M options, the options cannot be combined.
The options which apply to the gpasswd command are:
-a, --add user
-d, --delete user
-h, --help
-Q, --root CHROOT_DIR
-r, --remove-password
-R, --restrict
-A, --administrators user,...
-M, --members user,...
CAVEATS¶
This tool only operates on the /etc/groupand /etc/gshadow files. Thus you cannot change any NIS or LDAP group. This must be performed on the corresponding server.
配置文件¶
The following configuration variables in /etc/login.defs change the behavior of this tool:
ENCRYPT_METHOD (string)
It can take one of these values: DES (default), MD5, SHA256, SHA512.
Note: this parameter overrides the MD5_CRYPT_ENAB variable.
MAX_MEMBERS_PER_GROUP (number)
默认值是 0,意味着组中的成员数没有限制。
此功能(分割组)允许限制组文件中的行长度。这对于确保 NIS 组的行比长于 1024 字符。
如果要强制这个限制,可以使用 25。
注意:分割组可能不受所有工具的支持(甚至在 Shadow 工具集中)。您不应该使用这个变量,除非真的需要。
MD5_CRYPT_ENAB (boolean)
This variable is superseded by the ENCRYPT_METHOD variable or by any command line option used to configure the encryption algorithm.
This variable is deprecated. You should use ENCRYPT_METHOD.
SHA_CRYPT_MIN_ROUNDS (number), SHA_CRYPT_MAX_ROUNDS (number)
使用很多轮转,会让暴力破解更加困难。但是需要注意,认证用户时也会需要更多的 CPU 资源。
如果没有指定,libc 会选择默认的轮转数(5000)。
值必须在 1000 - 999,999,999 之间。
If only one of the SHA_CRYPT_MIN_ROUNDS or SHA_CRYPT_MAX_ROUNDS values is set, then this value will be used.
If SHA_CRYPT_MIN_ROUNDS > SHA_CRYPT_MAX_ROUNDS, the highest value will be used.
文件¶
/etc/group
/etc/gshadow
参见¶
newgrp(1), groupadd(8), groupdel(8), groupmod(8), grpck(8), group(5), gshadow(5).
2019-08-07 | shadow-utils 4.6 |