mdoc(7) police: overhaul.

Approved by:	re

usr.sbin/adduser/adduser.8

@@ -34,7 +34,6 @@
 .Nd command for adding new users
 .Sh SYNOPSIS
 .Nm
-.Bk -words
 .Op Fl CENhq
 .Op Fl G Ar groups
 .Op Fl L Ar login_class
@@ -45,33 +44,35 @@
 .Op Fl s Ar shell
 .Op Fl u Ar uid_start
 .Op Fl w Ar type
-.Ek
 .Sh DESCRIPTION
 The
-.Nm adduser
-program is a shell script, implemented around the
+.Nm
+utility is a shell script, implemented around the
 .Xr pw 8
 command, for adding new users.
 It creates passwd/group entries, a home directory,
 copies dotfiles and sends the new user a welcome message.
-It supports two modes of operation. It may be used interactively
-at the command line to add one user at a time or it may be directed
+It supports two modes of operation.
+It may be used interactively
+at the command line to add one user at a time, or it may be directed
 to get the list of new users from a file and operate in batch mode
 without requiring any user interaction.
 .Sh RESTRICTIONS
-.Bl -tag -width Ds -compact
-.It Sy username
+.Bl -tag -width indent
+.It username
 Login name.
 The user name is restricted to whatever
 .Xr pw 8
-will accept. Generally this means it
+will accept.
+Generally this means it
 may contain only lowercase characters or digits.
 Maximum length
 is 16 characters.
-The reasons for this limit are "Historical".
+The reasons for this limit are historical.
 Given that people have traditionally wanted to break this
-limit for aesthetic reasons, it's never been of great importance to break
-such a basic fundamental parameter in UNIX.
+limit for aesthetic reasons, it has never been of great importance to break
+such a basic fundamental parameter in
+.Ux .
 You can change
 .Dv UT_NAMESIZE
 in
@@ -84,94 +85,113 @@ The NIS protocol mandates an 8-character username.
 If you need a longer login name for e-mail addresses,
 you can define an alias in
 .Pa /etc/mail/aliases .
-.It Sy full name
+.It "full name"
 This is typically known as the gecos field and usually contains
-the user's full name. Additionally, it may contain a comma separated
-list of values such as office number and work and home phones. If the
+the user's full name.
+Additionally, it may contain a comma separated
+list of values such as office number and work and home phones.
+If the
 name contains an amperstand it will be replaced by the capitalized
 login name when displayed by other programs.
 The
-.Ql Pa \&:
+.Ql \&:
 character is not allowed.
-.It Sy shell
-Only valid shells from the shell database (/etc/shells) are allowed. In
+.It shell
+Only valid shells from the shell database
+.Pq Pa /etc/shells
+are allowed.
+In
 addition, only the base name of the shell is necessary, not the full path.
-.It Sy uid
-Automatically generated or your choice. It must be less than 32000.
-.It Sy gid/login group
-Automatically generated or your choice. It must be less than 32000.
-.It Sy password
+.It UID
+Automatically generated or your choice.
+It must be less than 32000.
+.It "GID/login group"
+Automatically generated or your choice.
+It must be less than 32000.
+.It password
 You may choose an empty password, disable the password, use a
 randomly generated password or specify your own plaintext password,
 which will be encrypted before being stored in the user database.
 .El
 .Sh UNIQUE GROUPS
-Perhaps you're missing what
+Perhaps you are missing what
 .Em can
 be done with this scheme that falls apart
 with most other schemes.
-With each user in his/her own group the user can
+With each user in his/her own group, the user can
 safely run with a umask of 002 instead of the usual 022
 and create files in their home directory
 without worrying about others being able to change them.
 .Pp
-For a shared area you create a separate uid/gid (like cvs or ncvs on freefall),
+For a shared area you create a separate UID/GID (like cvs or ncvs on freefall),
 you place each person that should be able to access this area into that new
 group.
 .Pp
-This model of uid/gid administration allows far greater flexibility than lumping
+This model of UID/GID administration allows far greater flexibility than lumping
 users into groups and having to muck with the umask when working in a shared
 area.
 .Pp
 I have been using this model for almost 10 years and found that it works
-for most situations, and has never gotten in the way.  (Rod Grimes)
+for most situations, and has never gotten in the way.
+(Rod Grimes)
 .Sh CONFIGURATION
 The
 .Nm
 utility reads its configuration information from
-.Ar /etc/adduser.conf .
-If this file does not exist it will use predefined defaults. While
-this file may be edited by hand the safer option is to use the
-.Op Fl C
-command line argument. With this argument
+.Pa /etc/adduser.conf .
+If this file does not exist, it will use predefined defaults.
+While this file may be edited by hand,
+the safer option is to use the
+.Fl C
+command line argument.
+With this argument,
 .Nm
 will start interactive input, save the answers to its prompts in
-.Ar /etc/adduser.conf ,
+.Pa /etc/adduser.conf ,
 and promptly exit without modifying the user
-database. Options specified on the command line will take precedence over
+database.
+Options specified on the command line will take precedence over
 any values saved in this file.
 .Sh OPTIONS
-.Bl -tag -width Ds
+.Bl -tag -width indent
 .It Fl C
-Create new configuration file and exit. This option is mutually exclusive
-with the
-.Op Fl f
+Create new configuration file and exit.
+This option is mutually exclusive with the
+.Fl f
 option.
 .It Fl d Ar partition
-Home partition. Default partition, under which all user directories
+Home partition.
+Default partition, under which all user directories
 will be located.
 .It Fl E
-Disable the account. This option will lock the account by prepending
-the string *LOCKED* to the password field. The account may be unlocked
+Disable the account.
+This option will lock the account by prepending the string
+.Dq Li *LOCKED*
+to the password field.
+The account may be unlocked
 by the super-user with the
 .Xr pw 8
 command:
 .Pp
-.Dl "pw unlock [name|uid]"
+.D1 Nm pw Cm unlock Op Ar name | uid
 .It Fl f Ar file
 Get the list of accounts to create from
 .Ar file .
 If
 .Ar file
-is '`-'', then get the list from standard input. If this option
-is specified
+is
+.Dq Fl ,
+then get the list from standard input.
+If this option is specified,
 .Nm
-will operate in batch mode and will not seek any user input. If an
-error is encountered while processing an account it will write a
-message to standard error and move to the next account. The format
+will operate in batch mode and will not seek any user input.
+If an error is encountered while processing an account, it will write a
+message to standard error and move to the next account.
+The format
 of the input file is described below.
 .It Fl G Ar groups
-Additional group(s). By default the user name is used as the login group.
+Additional groups.
+By default, the user name is used as the login group.
 This option allows the user to specify additional groups to add users to.
 .It Fl h
 Print a summary of options and exit.
@@ -179,131 +199,179 @@ Print a summary of options and exit.
 Copy files from
 .Ar directory
 into the home
-directory of new users,
-.Ql Pa dot.foo
+directory of new users;
+.Pa dot.foo
 will be renamed to
-.Ql Pa .foo .
+.Pa .foo .
 .It Fl L Ar login_class
 Set default login class.
 .It Fl m Ar file
 Send new users a welcome message from
 .Ar file .
 Specifying a value of
-.Ar no
+.Cm no
 for
 .Ar file
-causes no message to be sent to new users. Please note that the message
+causes no message to be sent to new users.
+Please note that the message
 file can reference the internal variables of the
 .Nm
 script.
 .It Fl N
 Do not read the default configuration file.
 .It Fl q
-Minimal user feedback. In particular, the random password will not be echoed to
+Minimal user feedback.
+In particular, the random password will not be echoed to
 standard output.
 .It Fl s Ar shell
-Default shell for new users. The
+Default shell for new users.
+The
 .Ar shell
-argument must be the base name of the shell , NOT the full path.
+argument must be the base name of the shell,
+.Em not
+the full path.
 It must exist in
-.Ar /etc/shells
+.Pa /etc/shells
 to be considered a valid shell.
 .It Fl u Ar uid
-Use uid's from
+Use UIDs from
 .Ar uid
 on up.
 .It Fl w Ar type
-Password type. The
+Password type.
+The
 .Nm
 utility allows the user to specify what type of password to create.
 The
 .Ar type
 argument may have one of the following values:
-.Bl -tag -width ".Dv random"
-.It Dv no
-Disable the password. Instead of an encrypted string the passowrd field
-will contain a single '`*'' character.
-The user may not login until the super-user
+.Bl -tag -width ".Cm random"
+.It Cm no
+Disable the password.
+Instead of an encrypted string, the passowrd field will contain a single
+.Ql *
+character.
+The user may not log in until the super-user
 manually enables the password.
-.It Dv none
+.It Cm none
 Use an empty string as the password.
-.It Dv yes
-Use a user supplied string as the password. In interactive mode
-the user will be prompted for the password. In batch mode, the
+.It Cm yes
+Use a user-supplied string as the password.
+In interactive mode,
+the user will be prompted for the password.
+In batch mode, the
 last (10th) field in the line is assumed to be the password.
-.It Dv random
-Generate a random string and use it as a password. The password will
-be echoed to standard output. In addition it will be available for
-inclusion in the message file in the
-.Ar randompass
-environment variable.
+.It Cm random
+Generate a random string and use it as a password.
+The password will be echoed to standard output.
+In addition, it will be available for inclusion in the message file in the
+.Va randompass
+variable.
+.El
 .El
 .Sh FORMAT
-.Bl -tag -width Ds -compact
 When the
-.Op Fl f
-option is used the account information must be stored in a specific
-format. All empty lines or lines beginning with a
-.Ql Pa #
-will be ignored. All other lines must contain ten colon (:) separated
-fields as described below. Command line options do not take precedence
-over values in the fields. Only the password field may contain a
-.Ql Pa :
+.Fl f
+option is used, the account information must be stored in a specific
+format.
+All empty lines or lines beginning with a
+.Ql #
+will be ignored.
+All other lines must contain ten colon
+.Pq Ql \&:
+separated fields as described below.
+Command line options do not take precedence
+over values in the fields.
+Only the password field may contain a
+.Ql \&:
 character as part of the string.
 .Pp
-.Dl "name:uid:gid:class:change:expire:gecos:home_dir:shell:password"
-.Bl -tag -width ".Dv password"
-.It Dv name
-Login name. This field may not be empty.
-.It Dv uid
-Numeric login user id. If this field is left empty it will be automatically
-generated.
-.It Dv gid
-Numeric primary group id. If this field is left empty a group with the
-same name as the user name will be created and its gid will be used
+.Sm off
+.D1 Ar name : uid : gid : class : change : expire : gecos : home_dir : shell : password
+.Sm on
+.Bl -tag -width ".Ar password"
+.It Ar name
+Login name.
+This field may not be empty.
+.It Ar uid
+Numeric login user ID.
+If this field is left empty, it will be automatically generated.
+.It Ar gid
+Numeric primary group ID.
+If this field is left empty, a group with the
+same name as the user name will be created and its GID will be used
 instead.
-.It Dv class
-Login class. This field may be left empty.
-.It Dv change
+.It Ar class
+Login class.
+This field may be left empty.
+.It Ar change
 Password ageing.
-This field denotes the password change date for the account. The format of this
-field is the same as the format of the
-.Op Fl p
+This field denotes the password change date for the account.
+The format of this field is the same as the format of the
+.Fl p
 argument to
 .Xr pw 8 .
-It may be 'dd-mmm-yy[yy]', where 'dd' is for the day, 'mmm' is for the month
-in numeric or alphabetical format: '10 or Oct', and 'yy[yy]' is the four or two digit year.
-To denote a time relative to the current date the format
-is: '+n[mhdwoy]', where 'n' denotes a number, followed by the Minutes, Hours,
-Days, Weeks, Months or Years after which the password must be changed. 
-This field may be left empty to turn it off.
-.It Dv expire
-Account expiration. This field denotes the expiry date of the account. The account may
-not be used after the specified date. The format of this field is the same as that
-for password ageing. This field may be left empty to turn it off.
-.It Dv gecos
-Full name and other extra information about the user.
-.It Dv home_dir
-Home directory. If this field is left empty it will be automatically
-created by appending the username to the home partition.
-.It Dv shell
-Login Shell. This field should contain the full path to a valid login shell.
-.It Dv password
-User password. This field should contain a plaintext string, which will
-be encrypted before being placed in the user database. If the password type is 'yes'
-and this field is empty it is assumed the account will have any empty password. If
-the password type is 'random' and this field is NOT empty its contents will be used
-as a password. This field will be ignored if the
-.Op Fl p
-flag is used with a
-.Ar no
+It may be
+.Ar dd Ns - Ns Ar mmm Ns - Ns Ar yy Ns Op Ar yy ,
+where
+.Ar dd
+is for the day,
+.Ar mmm
+is for the month in numeric or alphabetical format:
+.Dq Li 10
 or
-.Ar none
-argument. Be carefull not to terminate this field with a closing ':' because it will
-be treated as part of the password.
+.Dq Li Oct ,
+and
+.Ar yy Ns Op Ar yy
+is the four or two digit year.
+To denote a time relative to the current date the format is:
+.No + Ns Ar n Ns Op Ar mhdwoy ,
+where
+.Ar n
+denotes a number, followed by the minutes, hours, days, weeks,
+months or years after which the password must be changed.
+This field may be left empty to turn it off.
+.It Ar expire
+Account expiration.
+This field denotes the expiry date of the account.
+The account may not be used after the specified date.
+The format of this field is the same as that for password ageing.
+This field may be left empty to turn it off.
+.It Ar gecos
+Full name and other extra information about the user.
+.It Ar home_dir
+Home directory.
+If this field is left empty, it will be automatically
+created by appending the username to the home partition.
+.It Ar shell
+Login shell.
+This field should contain the full path to a valid login shell.
+.It Ar password
+User password.
+This field should contain a plaintext string, which will
+be encrypted before being placed in the user database.
+If the password type is
+.Cm yes
+and this field is empty, it is assumed the account will have an empty password.
+If the password type is
+.Cm random
+and this field is
+.Em not
+empty, its contents will be used
+as a password.
+This field will be ignored if the
+.Fl p
+option is used with a
+.Cm no
+or
+.Cm none
+argument.
+Be carefull not to terminate this field with a closing
+.Ql \&:
+because it will be treated as part of the password.
 .El
 .Sh FILES
-.Bl -tag -width /etc/master.passwdxx -compact
+.Bl -tag -width ".Pa /etc/adduser.message" -compact
 .It Pa /etc/master.passwd
 user database
 .It Pa /etc/group
@@ -313,13 +381,16 @@ shell database
 .It Pa /etc/login.conf
 login classes database
 .It Pa /etc/adduser.conf
-configuration file for adduser
+configuration file for
+.Nm
 .It Pa /etc/adduser.message
-message file for adduser
+message file for
+.Nm
 .It Pa /usr/share/skel
 skeletal login directory
 .It Pa /var/log/adduser
-logfile for adduser
+logfile for
+.Nm
 .El
 .Sh SEE ALSO
 .Xr chpass 1 ,
@@ -340,22 +411,31 @@ The
 command appeared in
 .Fx 2.1 .
 .Sh AUTHORS
-This manual page and the original script, in perl, was written by
-.An Wolfram Schneider <wosch@FreeBSD.org>. The replacement script, written as a Bourne
+.An -nosplit
+This manual page and the original script, in Perl, was written by
+.An Wolfram Schneider Aq wosch@FreeBSD.org .
+The replacement script, written as a Bourne
 shell script with some enhancements, and the man page modification that
 came with it were done by
-.An Mike Makonnen <mtm@identd.net> .
+.An Mike Makonnen Aq mtm@identd.net .
 .Sh BUGS
 In order for
 .Nm
-to correctly expand variables such as $username and $randompass in the message sent
-to new users it must let the shell evaluate each line of the message file. This means
-that shell commands can also be embedded in the message file. The
+to correctly expand variables such as
+.Va $username
+and
+.Va $randompass
+in the message sent to new users, it must let the shell evaluate
+each line of the message file.
+This means that shell commands can also be embedded in the message file.
+The
 .Nm
-utility attemps to mitigate the possibility of an attacker using this feature by
-refusing to evaluate the file if it is not owned and writeable only by the root user.
-In addition, shell special characters and operators will have to be escaped when
-used in the message file.
+utility attemps to mitigate the possibility of an attacker using this
+feature by refusing to evaluate the file if it is not owned and writeable
+only by the root user.
+In addition, shell special characters and operators will have to be
+escaped when used in the message file.
 .Pp
-Also, password ageing and account expiry times are currently setable only in batch mode.
+Also, password ageing and account expiry times are currently setable
+only in batch mode.
 The user should be able to set them in interactive mode as well.

usr.sbin/adduser/rmuser.8

@@ -31,7 +31,7 @@
 .Os
 .Sh NAME
 .Nm rmuser
-.Nd removes users from the system
+.Nd remove users from the system
 .Sh SYNOPSIS
 .Nm
 .Op Fl y
@@ -41,8 +41,8 @@
 The
 .Nm
 utility removes one or more users submitted on the command line
-or from a file. In removing a user from the system, this utility
-.Pp
+or from a file.
+In removing a user from the system, this utility:
 .Bl -enum
 .It
 Removes the user's
@@ -53,7 +53,9 @@ Removes any
 .Xr at 1
 jobs belonging to the user.
 .It
-Sends a SIGKILL signal to all processes owned by the user.
+Sends a
+.Dv SIGKILL
+signal to all processes owned by the user.
 .It
 Removes the user from the system's local password file.
 .It
@@ -61,13 +63,12 @@ Removes the user's home directory (if it is owned by the user),
 including handling of symbolic links in the path to the actual home
 directory.
 .It
-Removes the incoming mail and pop daemon mail files belonging to the
+Removes the incoming mail and POP daemon mail files belonging to the
 user from
 .Pa /var/mail .
 .It
 Removes all files owned by the user from
-.Pa /tmp ,
-.Pa /var/tmp ,
+.Pa /tmp , /var/tmp ,
 and
 .Pa /var/tmp/vi.recover .
 .It
@@ -76,66 +77,76 @@ Removes the username from all groups to which it belongs in
 (If a group becomes empty and the group name is the same as the username,
 the group is removed; this complements
 .Xr adduser 8 Ns 's
-per-user unique groups).
+per-user unique groups.)
 .El
 .Pp
-The 
+The
 .Nm
-utility refuses to remove users whose uid is 0 (typically root), since
+utility refuses to remove users whose UID is 0 (typically root), since
 certain actions (namely, killing all the user's processes, and perhaps
 removing the user's home directory) would cause damage to a running system.
-If it is necessary to remove a user whose uid is 0, see
+If it is necessary to remove a user whose UID is 0, see
 .Xr vipw 8
-for information on directly editing the password file
+for information on directly editing the password file.
 .Pp
 If
 .Nm
 was not invoked with the
 .Fl y
-switch it will
+option, it will
 show the selected user's password file entry and ask for confirmation
-that the user be removed.  It will then ask for confirmation to delete
-the user's home directory. If the answer is in the affirmative, the home
+that the user be removed.
+It will then ask for confirmation to delete
+the user's home directory.
+If the answer is in the affirmative, the home
 directory and any files and subdirectories under it will be deleted only if
-they are owned by the user. See
+they are owned by the user.
+See
 .Xr pw 8
 for more details.
 .Pp
 As
 .Nm
-operates, it informs the user regarding the current activity.  If any
+operates, it informs the user regarding the current activity.
+If any
 errors occur, they are posted to standard error and, if it is possible for
 .Nm
 to continue, it will.
 .Pp
-Available options:
-.Pp
-.Bl -tag -width username
-.It Fl y
-Implicitly answer "yes" to any and all prompts. Currently this includes
-prompts on whether to remove the specified user and whether to remove
-the home directory. This option requires that either the
-.Fl f
-option be used or one or more user names be given as commmand line
-arguments.
-.It Fl f
+The options are as follows:
+.Bl -tag -width ".Ar username"
+.It Fl f Ar file
 The
 .Nm
 utility will get a list of users to be removed from
 .Ar file ,
-which will contain one user per line. Anything following a hash mark (#),
+which will contain one user per line.
+Anything following a hash mark
+.Pq Ql # ,
 including the hash mark itself, is considered a comment and will not
-be processed. If the file is owned by anyone other than a user with
-uid 0 or is writeable by anyone other than the owner
+be processed.
+If the file is owned by anyone other than a user with
+UID 0, or is writeable by anyone other than the owner,
 .Nm
 will refuse to continue.
-.It Ar \&username
+.It Fl y
+Implicitly answer
+.Dq Li yes
+to any and all prompts.
+Currently, this includes
+prompts on whether to remove the specified user and whether to remove
+the home directory.
+This option requires that either the
+.Fl f
+option be used, or one or more user names be given as commmand line
+arguments.
+.It Ar username
 Identifies one or more users to be removed; if not present,
 .Nm
 interactively asks for one or more users to be removed.
 .El
 .Sh FILES
-.Bl -tag -width /etc/master.passwd -compact
+.Bl -tag -compact
 .It Pa /etc/master.passwd
 .It Pa /etc/passwd
 .It Pa /etc/group
@@ -157,10 +168,8 @@ interactively asks for one or more users to be removed.
 .Sh HISTORY
 The
 .Nm
-command appeared in
+utility appeared in
 .Fx 2.2 .
-.\" .Sh AUTHOR
-.\" Guy Helmer, Ames, Iowa
 .Sh BUGS
 The
 .Nm
@@ -171,19 +180,20 @@ It is also unable to remove symbolic links that were created by the
 user in
 .Pa /tmp
 or
-.Pa /var/tmp
+.Pa /var/tmp ,
 as symbolic links on
 .Bx 4.4
 filesystems do not contain information
-as to who created them.  Also, there may be other files created in
+as to who created them.
+Also, there may be other files created in
 .Pa /var/mail
 other than
-.Pa /var/mail/username
+.Pa /var/mail/ Ns Ar username
 and
-.Pa /var/mail/.pop.username
+.Pa /var/mail/.pop. Ns Ar username
 that are not owned by the removed user but should be removed.
 .Pp
 The
 .Nm
-utility has no knowledge of NIS (Yellow Pages), and it operates only on the
+utility has no knowledge of YP/NIS, and it operates only on the
 local password file.