Additional Resources; Installed Documentation - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

• Improves system security by moving encrypted password hashes from the world-readable /etc/
passwd file to /etc/shadow, which is readable only by the root user.
• Stores information about password aging.
• Allows the use the /etc/login.defs file to enforce security policies.
Most utilities provided by the shadow-utils package work properly whether or not shadow
passwords are enabled. However, since password aging information is stored exclusively in the /
etc/shadow file, any commands which create or modify password aging information do not work.
The following is a list of commands which do not work without first enabling shadow passwords:
• chage
• gpasswd
• /usr/sbin/usermod -e or -f options
• /usr/sbin/useradd -e or -f options

33.7. Additional Resources

For more information about users and groups, and tools to manage them, refer to the following
resources.

33.7.1. Installed Documentation

• Related man pages — There are a number of man pages for the various applications and
configuration files involved with managing users and groups. Some of the more important man
pages have been listed here:
User and Group Administrative Applications
• man chage — A command to modify password aging policies and account expiration.
• man gpasswd — A command to administer the /etc/group file.
• man groupadd — A command to add groups.
• man grpck — A command to verify the /etc/group file.
• man groupdel — A command to remove groups.
• man groupmod — A command to modify group membership.
• man pwck — A command to verify the /etc/passwd and /etc/shadow files.
• man pwconv — A tool to convert standard passwords to shadow passwords.
• man pwunconv — A tool to convert shadow passwords to standard passwords.
• man useradd — A command to add users.
• man userdel — A command to remove users.
• man usermod — A command to modify users.
Additional Resources
489