Grpconv

来自 ChinaUnix Wiki

Linux命令：grpconv

功能说明：开启群组的投影密码。

语　　法：grpconv

补充说明：Linux系统里的用户和群组密码，分别存放在/etc目录下的passwd和group文件中。因系统运作所需，任何人都得以读取它们，造成安全上的破绽。投影密码将文件内的密码改存在/etc目录下的shadow和gshadow文件内，只允许系统管理者读取，同时把原密码置换为"x"字符。投影密码的功能可随时开启或关闭，您只需执行grpconv指令就能开启群组投影密码。

英文版本，欢迎翻译：

NAME pwconv, pwunconv, grpconv, grpunconv - convert to and from shadow passwords and groups.

SYNOPSIS pwconv pwunconv grpconv grpunconv

DESCRIPTION These four programs all operate on the normal and shadow password and group files: /etc/passwd, /etc/group, /etc/shadow, and /etc/gshadow.

pwconv creates shadow from passwd and an optionally existing shadow. pwunconv creates passwd from passwd and shadow and then removes shadow. grpconv creates gshadow from group and an optionally exist? ing gshadow. grpunconv creates group from group and gshadow and then removes gshadow.

Each program acquires the necessary locks before conversion.

pwconv and grpconv are similiar. First, entries in the shadowed file which dont exist in the main file are removed. Then, shadowed entries which dont have `x as the password in the main file are updated. Any missing shadowed entries are added. Finally, passwords in the main file are replaced with `x. These programs can be used for initial conversion as well to update the shadowed file if the main file is edited by hand.

pwconv will use the values of PASS_MIN_DAYS, PASS_MAX_DAYS, and PASS_WARN_AGE from /etc/login.defs when adding new entries to /etc/shadow.

Likewise, pwunconv and grpunconv are similiar. Passwords in the main file are updated from the shadowed file. Entries which exist in the main file but not in the shadowed file are left alone. Finally, the shadowed file is removed.

Some password aging information is lost by pwunconv. It will convert what it can.

BUGS Errors in the password or group files (such as invalid or duplicate entries) may cause these programs to loop forever or fail in other strange ways. Please run pwck and grpck to correct any such errors before converting to or from shadow passwords or groups.

SEE ALSO login.defs(5), pwck(8), grpck(8), shadowconfig(8)

26 Sep 1997 1