فهرست منبع

chapter06: Translate shadow instruction

Xi Ruoyao 7 سال پیش
والد
کامیت
52c53521c7
1فایلهای تغییر یافته به همراه124 افزوده شده و 100 حذف شده
  1. 124 100
      chapter06/shadow.xml

+ 124 - 100
chapter06/shadow.xml

@@ -23,8 +23,7 @@
   <sect2 role="package">
     <title/>
 
-    <para>The Shadow package contains programs for handling passwords in a secure
-    way.</para>
+    <para>Shadow 软件包包含安全地处理密码的程序。</para>
 
     <segmentedlist>
       <segtitle>&buildtime;</segtitle>
@@ -42,42 +41,41 @@
     <title>安装Shadow</title>
 
     <note>
-      <para>If you would like to enforce the use of strong passwords, refer to
-      <ulink url="&blfs-book;postlfs/cracklib.html"/> for installing
-      CrackLib prior to building Shadow. Then add
-      <parameter>--with-libcrack</parameter> to the <command>configure</command>
-      command below.</para>
+      <para>如果您希望强制使用强密码,参考
+      <ulink url="&blfs-book;postlfs/cracklib.html"/> 以在构建 Shadow 前安装
+	  CrackLib,然后为下面的 <command>configure</command> 命令附加
+      <parameter>--with-libcrack</parameter> 参数。</para>
     </note>
 
-    <para>Disable the installation of the <command>groups</command> program
-    and its man pages, as Coreutils provides a better version. Also 
-    Prevent the installation of manual pages that were already installed by the
-    <xref linkend="man-pages"/> package:</para>
+    <para>禁止该软件包安装 <command>groups</command>
+    程序和它的 man 页面,因为 Coreutils 会提供更好的版本。
+	同样,避免安装 <xref linkend="man-pages"/>
+	软件包已经提供的 man 页面:</para>
 
 <screen><userinput remap="pre">sed -i 's/groups$(EXEEXT) //' src/Makefile.in
 find man -name Makefile.in -exec sed -i 's/groups\.1 / /'   {} \;
 find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \;
 find man -name Makefile.in -exec sed -i 's/passwd\.5 / /'   {} \;</userinput></screen>
 
-    <para id="shadow-login_defs">Instead of using the default
-    <emphasis>crypt</emphasis> method, use the more secure
-    <emphasis>SHA-512</emphasis> method of password encryption, which also
-    allows passwords longer than 8 characters. It is also necessary to change
-    the obsolete <filename class="directory">/var/spool/mail</filename> location
-    for user mailboxes that Shadow uses by default to the <filename
-    class="directory">/var/mail</filename> location used currently:</para>
+    <para id="shadow-login_defs"> 不使用默认的
+    <emphasis>crypt</emphasis> 加密方法,使用更安全的
+    <emphasis>SHA-512</emphasis> 方法加密密码,
+    该方法也允许长度超过 8 个字符的密码。另外,还需要把 Shadow
+	默认使用的用户邮箱位置
+	<filename class="directory">/var/spool/mail</filename>
+	改为当前普遍使用的 <filename class="directory">/var/mail</filename>
+    目录:</para>
 
 <screen><userinput remap="pre">sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
        -e 's@/var/spool/mail@/var/mail@' etc/login.defs</userinput></screen>
 
     <note>
-      <para>If you chose to build Shadow with Cracklib support, run the following:</para>
+      <para>如果您选择构建有 Cracklib 支持的 Shadow,执行下列命令:</para>
 
 <screen role="nodump"><userinput>sed -i 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' etc/login.defs</userinput></screen>
     </note>
 
-    <para>Make a minor change to make the first group number generated
-    by useradd 1000:</para>
+    <para>进行微小的改动,使 useradd 使用 1000 作为第一个组编号:</para>
 
 <screen><userinput remap="pre">sed -i 's/1000/999/' etc/useradd</userinput></screen>
 
@@ -86,13 +84,13 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /'   {} \;</userinput></s
 <screen><userinput remap="configure">./configure --sysconfdir=/etc --with-group-name-max-length=32</userinput></screen>
 
     <variablelist>
-      <title>The meaning of the configure option:</title>
+      <title>配置选项的含义:</title>
 
       <varlistentry>
         <term><parameter>--with-group-name-max-length=32</parameter></term>
         <listitem>
-          <para>The maximum user name is 32 characters.  Make the maximum
-          group name the same.</para>
+          <para>最长用户名可以有 32 个字符,设定组名称最大长度为相同值。
+          </para>
         </listitem>
       </varlistentry>
 
@@ -108,7 +106,7 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /'   {} \;</userinput></s
 
 <screen><userinput remap="install">make install</userinput></screen>
 
-    <para>Move a misplaced program to its proper location:</para>
+    <para>将一个安装位置不正确的程序移动到正确位置:</para>
 
 <screen><userinput remap="install">mv -v /usr/bin/passwd /bin</userinput></screen>
 
@@ -121,31 +119,43 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
   </sect2>
 
   <sect2 id="conf-shadow" role="configuration">
-    <title>Configuring Shadow</title>
+    <title>配置 Shadow</title>
 
     <indexterm zone="conf-shadow">
       <primary sortas="a-Shadow">Shadow</primary>
       <secondary>configuring</secondary>
     </indexterm>
 
-    <para>This package contains utilities to add, modify, and delete users and
+    <!--para>This package contains utilities to add, modify, and delete users and
     groups; set and change their passwords; and perform other administrative
     tasks. For a full explanation of what <emphasis>password shadowing</emphasis>
     means, see the <filename>doc/HOWTO</filename> file within the unpacked
     source tree. If using Shadow support, keep in mind that programs which need
     to verify passwords (display managers, FTP programs, pop3 daemons, etc.)
     must be Shadow-compliant. That is, they need to be able to work with
-    shadowed passwords.</para>
-
-    <para>To enable shadowed passwords, run the following command:</para>
+    shadowed passwords.</para-->
+    <para>该软件包包含用于添加、修改、删除用户和组,设定和修改它们的密码,
+		以及进行其他管理任务的工具。如果希望查阅关于
+		<emphasis>password shadowing</emphasis> 的详细解释,
+		阅读解压得到源代码目录树中的 <filename>doc/HOWTO</filename>
+		文件。如果使用 Shadow 支持,记住所有需要验证密码的程序
+		(如显示管理器、FTP 程序、pop3 守护进程等)都必须和 Shadow
+		兼容。换句话说,它们必须能使用 Shadow 加密的密码。</para>
+	<note><title>译注</title>
+		<para>大多数 Linux 程序要么本身支持 Shadow,要么通过 Linux PAM
+			支持 Shadow。为了提高安全性,建议启用 Shadow 加密。
+		</para>
+	</note>
+
+    <para>执行下列命令,对用户密码启用 Shadow 加密:</para>
 
 <screen><userinput>pwconv</userinput></screen>
 
-    <para>To enable shadowed group passwords, run:</para>
+    <para>执行命令,对组密码启用 Shadow 加密:</para>
 
 <screen><userinput>grpconv</userinput></screen>
 
-    <para>Shadow's stock configuration for the <command>useradd</command>
+    <!--para>Shadow's stock configuration for the <command>useradd</command>
     utility has a few caveats that need some explanation. First, the default
     action for the <command>useradd</command> utility is to create the user and
     a group of the same name as the user. By default the user ID (UID) and
@@ -155,15 +165,25 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
     to pass the <parameter>-g</parameter> parameter to
     <command>useradd</command>. The default parameters are stored in the
     <filename>/etc/default/useradd</filename> file. You may need to modify two
-    parameters in this file to suit your particular needs.</para>
+    parameters in this file to suit your particular needs.</para-->
+    <para>Shadow 为 <command>useradd</command>
+        提供的配置文件有一些需要解释的事项。首先,<command>useradd</command>
+		的默认操作是创建一个用户,以及一个名字和用户名相同的组。
+		默认情况下,用户 ID (UID)和组 ID (GID)会从 1000 开始。
+		这意味着,如果您不向 <command>useradd</command> 传递参数,
+		每个用户都会属于一个不同的组。如果您不希望这样,
+		就要向 <command>useradd</command> 传递 <parameter>-g</parameter>
+		参数。默认参数保存在 <filename>/etc/default/useradd</filename>
+		文件中,您可以编辑其中的两个参数,以满足您的特定需求:
+	</para>
 
     <variablelist>
-      <title><filename>/etc/default/useradd</filename> Parameter Explanations</title>
+      <title><filename>/etc/default/useradd</filename> 参数解释</title>
 
       <varlistentry>
         <term><parameter>GROUP=1000</parameter></term>
         <listitem>
-          <para>This parameter sets the beginning of the group numbers used in
+          <!--para>This parameter sets the beginning of the group numbers used in
           the /etc/group file. You can modify it to anything you desire. Note
           that <command>useradd</command> will never reuse a UID or GID. If the
           number identified in this parameter is used, it will use the next
@@ -172,19 +192,34 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
           without the <parameter>-g</parameter> parameter, you'll get a message
           displayed on the terminal that says:
           <computeroutput>useradd: unknown GID 1000</computeroutput>. You may
-          disregard this message and group number 1000 will be used.</para>
+          disregard this message and group number 1000 will be used.</para-->
+          <para>该参数设定 /etc/group 文件中使用的第一个组编号,
+			  您可以将它修改为您希望的任何值。注意
+			  <command>useradd</command> 绝不会重用 UID 或 GID,
+			  如果该参数指定的数字已经被使用了,它就会使用下一个可用的数字。
+			  另外,如果在您第一次不加 <parameter>-g</parameter>
+			  参数使用 <command>useradd</command> 时没有编号 1000 的组,
+			  您就会在终端看到一条消息:
+			  <computeroutput>useradd: unknown GID 1000</computeroutput>。
+			  您可以忽略这条消息,它会使用组编号 1000 。</para>
         </listitem>
       </varlistentry>
       <varlistentry>
         <term><parameter>CREATE_MAIL_SPOOL=yes</parameter></term>
         <listitem>
-          <para>This parameter causes <command>useradd</command> to create a
+          <!--para>This parameter causes <command>useradd</command> to create a
           mailbox file for the newly created user. <command>useradd</command>
           will make the group ownership of this file to the
           <systemitem class="groupname">mail</systemitem> group with 0660
           permissions. If you would prefer that these mailbox files are not
           created by <command>useradd</command>, issue the following
-          command:</para>
+          command:</para-->
+          <para>该参数使得 <command>useradd</command>
+			  为新创建的用户建立邮箱文件。<command>useradd</command>
+			  会使得 <systemitem class="groupname">mail</systemitem>
+			  为拥有该文件的组,并为文件赋予 0660 访问权限。
+			  如果您不希望 <command>useradd</command> 创建这些邮箱文件,
+			  执行下列命令:</para>
 
 <screen><userinput>sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
         </listitem>
@@ -196,10 +231,10 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
   </sect2>
 
   <sect2 role="configuration">
-    <title>Setting the root password</title>
+    <title>设定 root 密码</title>
 
-    <para>Choose a password for user <emphasis>root</emphasis> and set it
-    by running:</para>
+	<para>为用户 <emphasis>root</emphasis> 选择一个密码,
+		并执行下列命令设定它:</para>
 
 <screen role="nodump"><userinput>passwd root</userinput></screen>
 
@@ -216,8 +251,8 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
         <seg>chage, chfn, chgpasswd, chpasswd, chsh, expiry, faillog, gpasswd,
         groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv,
         lastlog, login, logoutd, newgidmap, newgrp, newuidmap, newusers,
-        nologin, passwd, pwck, pwconv, pwunconv, sg (link to newgrp), su,
-        useradd, userdel, usermod, vigr (link to vipw), and vipw</seg>
+        nologin, passwd, pwck, pwconv, pwunconv, sg (到 newgrp的链接), su,
+        useradd, userdel, usermod, vigr (到 vipw 的链接), 以及 vipw</seg>
         <seg>/etc/default</seg>
       </seglistitem>
     </segmentedlist>
@@ -230,8 +265,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="chage">
         <term><command>chage</command></term>
         <listitem>
-          <para>Used to change the maximum number of days between obligatory
-          password changes</para>
+          <para>用于修改强制性密码更新的最大天数</para>
           <indexterm zone="ch-system-shadow chage">
             <primary sortas="b-chage">chage</primary>
           </indexterm>
@@ -241,7 +275,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="chfn">
         <term><command>chfn</command></term>
         <listitem>
-          <para>Used to change a user's full name and other information</para>
+          <para>用于修改用户全名和其他信息</para>
           <indexterm zone="ch-system-shadow chfn">
             <primary sortas="b-chfn">chfn</primary>
           </indexterm>
@@ -251,7 +285,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="chgpasswd">
         <term><command>chgpasswd</command></term>
         <listitem>
-          <para>Used to update group passwords in batch mode</para>
+          <para>用于批量更新组密码</para>
           <indexterm zone="ch-system-shadow chgpasswd">
             <primary sortas="b-chgpasswd">chgpasswd</primary>
           </indexterm>
@@ -261,7 +295,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="chpasswd">
         <term><command>chpasswd</command></term>
         <listitem>
-          <para>Used to update user passwords in batch mode</para>
+          <para>用于批量更新用户密码</para>
           <indexterm zone="ch-system-shadow chpasswd">
             <primary sortas="b-chpasswd">chpasswd</primary>
           </indexterm>
@@ -271,7 +305,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="chsh">
         <term><command>chsh</command></term>
         <listitem>
-          <para>Used to change a user's default login shell</para>
+          <para>用于改变用户的默认登录 shell</para>
           <indexterm zone="ch-system-shadow chsh">
             <primary sortas="b-chsh">chsh</primary>
           </indexterm>
@@ -281,7 +315,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="expiry">
         <term><command>expiry</command></term>
         <listitem>
-          <para>Checks and enforces the current password expiration policy</para>
+          <para>检查并强制当前密码过期策略</para>
           <indexterm zone="ch-system-shadow expiry">
             <primary sortas="b-expiry">expiry</primary>
           </indexterm>
@@ -291,9 +325,8 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="faillog">
         <term><command>faillog</command></term>
         <listitem>
-          <para>Is used to examine the log of login failures, to set a maximum
-          number of failures before an account is blocked, or to reset the
-          failure count</para>
+          <para>用于检查失败登录日志,设定锁定账户的最大失败次数,
+          或重置失败次数</para>
           <indexterm zone="ch-system-shadow faillog">
             <primary sortas="b-faillog">faillog</primary>
           </indexterm>
@@ -303,8 +336,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="gpasswd">
         <term><command>gpasswd</command></term>
         <listitem>
-          <para>Is used to add and delete members and administrators to
-          groups</para>
+          <para>用于增加或删除组的用户和管理员</para>
           <indexterm zone="ch-system-shadow gpasswd">
             <primary sortas="b-gpasswd">gpasswd</primary>
           </indexterm>
@@ -314,7 +346,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="groupadd">
         <term><command>groupadd</command></term>
         <listitem>
-          <para>Creates a group with the given name</para>
+          <para>以指定名称创建组</para>
           <indexterm zone="ch-system-shadow groupadd">
             <primary sortas="b-groupadd">groupadd</primary>
           </indexterm>
@@ -324,7 +356,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="groupdel">
         <term><command>groupdel</command></term>
         <listitem>
-          <para>Deletes the group with the given name</para>
+          <para>删除指定的组</para>
           <indexterm zone="ch-system-shadow groupdel">
             <primary sortas="b-groupdel">groupdel</primary>
           </indexterm>
@@ -334,8 +366,8 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="groupmems">
         <term><command>groupmems</command></term>
         <listitem>
-          <para>Allows a user to administer his/her own group membership list
-          without the requirement of super user privileges.</para>
+          <para>在不需要超级用户权限的情况下,
+          	  允许用户管理自己的组成员列表</para>
           <indexterm zone="ch-system-shadow groupmems">
             <primary sortas="b-groupmems">groupmems</primary>
           </indexterm>
@@ -345,7 +377,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="groupmod">
         <term><command>groupmod</command></term>
         <listitem>
-          <para>Is used to modify the given group's name or GID</para>
+          <para>用于修改给定的组名称或 GID</para>
           <indexterm zone="ch-system-shadow groupmod">
             <primary sortas="b-groupmod">groupmod</primary>
           </indexterm>
@@ -355,9 +387,9 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="grpck">
         <term><command>grpck</command></term>
         <listitem>
-          <para>Verifies the integrity of the group files
-          <filename>/etc/group</filename> and
-          <filename>/etc/gshadow</filename></para>
+          <para>验证组文件
+          <filename>/etc/group</filename> 
+          <filename>/etc/gshadow</filename> 的完整性</para>
           <indexterm zone="ch-system-shadow grpck">
             <primary sortas="b-grpck">grpck</primary>
           </indexterm>
@@ -367,8 +399,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="grpconv">
         <term><command>grpconv</command></term>
         <listitem>
-          <para>Creates or updates the shadow group file from the normal
-          group file</para>
+          <para>根据普通组文件创建或更新加密组文件</para>
           <indexterm zone="ch-system-shadow grpconv">
             <primary sortas="b-grpconv">grpconv</primary>
           </indexterm>
@@ -378,8 +409,8 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="grpunconv">
         <term><command>grpunconv</command></term>
         <listitem>
-          <para>Updates <filename>/etc/group</filename> from
-          <filename>/etc/gshadow</filename> and then deletes the latter</para>
+          <para>根据 <filename>/etc/gshadow</filename> 文件更新
+          <filename>/etc/gshadow</filename> 文件,并删除前者</para>
           <indexterm zone="ch-system-shadow grpunconv">
             <primary sortas="b-grpunconv">grpunconv</primary>
           </indexterm>
@@ -389,8 +420,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="lastlog">
         <term><command>lastlog</command></term>
         <listitem>
-          <para>Reports the most recent login of all users or of a
-          given user</para>
+          <para>报告所有用户或给定用户最后一次登录的信息</para>
           <indexterm zone="ch-system-shadow lastlog">
             <primary sortas="b-lastlog">lastlog</primary>
           </indexterm>
@@ -400,7 +430,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="login">
         <term><command>login</command></term>
         <listitem>
-          <para>Is used by the system to let users sign on</para>
+          <para>被系统用于允许用户登录</para>
           <indexterm zone="ch-system-shadow login">
             <primary sortas="b-login">login</primary>
           </indexterm>
@@ -410,8 +440,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="logoutd">
         <term><command>logoutd</command></term>
         <listitem>
-          <para>Is a daemon used to enforce restrictions on log-on time
-          and ports</para>
+          <para>是一个限制登录时间和端口的守护进程</para>
           <indexterm zone="ch-system-shadow logoutd">
             <primary sortas="b-logoutd">logoutd</primary>
           </indexterm>
@@ -421,7 +450,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="newgidmap">
         <term><command>newgidmap</command></term>
         <listitem>
-          <para>Is used to set the gid mapping of a user namespace</para>
+          <para>用于设定一个用户命名空间的 gid 映射</para>
           <indexterm zone="ch-system-shadow newgidmap">
             <primary sortas="b-newgidmap">newgidmap</primary>
           </indexterm>
@@ -431,7 +460,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="newgrp">
         <term><command>newgrp</command></term>
         <listitem>
-          <para>Is used to change the current GID during a login session</para>
+          <para>用于在登录会话中修改当前 GID</para>
           <indexterm zone="ch-system-shadow newgrp">
             <primary sortas="b-newgrp">newgrp</primary>
           </indexterm>
@@ -441,7 +470,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="newuidmap">
         <term><command>newuidmap</command></term>
         <listitem>
-          <para>Is used to set the uid mapping of a user namespace</para>
+          <para>用于设定用户命名空间的 uid 映射</para>
           <indexterm zone="ch-system-shadow newuidmap">
             <primary sortas="b-newuidmap">newuidmap</primary>
           </indexterm>
@@ -451,8 +480,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="newusers">
         <term><command>newusers</command></term>
         <listitem>
-          <para>Is used to create or update an entire series of user
-          accounts</para>
+          <para>用于批量创建或更新用户账户</para>
           <indexterm zone="ch-system-shadow newusers">
             <primary sortas="b-newusers">newusers</primary>
           </indexterm>
@@ -462,9 +490,8 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="nologin">
         <term><command>nologin</command></term>
         <listitem>
-          <para>Displays a message that an account is not available; it is designed
-          to be used as the default shell for accounts that have been
-          disabled</para>
+          <para>显示一条账户不可用的消息,
+          	  它被设计为用来当作被禁用的账户的默认 shell</para>
           <indexterm zone="ch-system-shadow nologin">
             <primary sortas="b-nologin">nologin</primary>
           </indexterm>
@@ -474,7 +501,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="passwd">
         <term><command>passwd</command></term>
         <listitem>
-          <para>Is used to change the password for a user or group account</para>
+          <para>用于修改用户或组账户的密码</para>
           <indexterm zone="ch-system-shadow passwd">
             <primary sortas="b-passwd">passwd</primary>
           </indexterm>
@@ -484,9 +511,9 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="pwck">
         <term><command>pwck</command></term>
         <listitem>
-          <para>Verifies the integrity of the password files
-          <filename>/etc/passwd</filename> and
-          <filename>/etc/shadow</filename></para>
+          <para>检验密码文件
+          <filename>/etc/passwd</filename> 
+          <filename>/etc/shadow</filename> 的完整性</para>
           <indexterm zone="ch-system-shadow pwck">
             <primary sortas="b-pwck">pwck</primary>
           </indexterm>
@@ -496,8 +523,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="pwconv">
         <term><command>pwconv</command></term>
         <listitem>
-          <para>Creates or updates the shadow password file from the normal
-          password file</para>
+          <para>从普通密码文件创建或更新加密密码文件</para>
           <indexterm zone="ch-system-shadow pwconv">
             <primary sortas="b-pwconv">pwconv</primary>
           </indexterm>
@@ -507,8 +533,8 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="pwunconv">
         <term><command>pwunconv</command></term>
         <listitem>
-          <para>Updates <filename>/etc/passwd</filename> from
-          <filename>/etc/shadow</filename> and then deletes the latter</para>
+          <para>根据 <filename>/etc/shadow</filename> 更新
+          <filename>/etc/shadow</filename> 并删除前者</para>
           <indexterm zone="ch-system-shadow pwunconv">
             <primary sortas="b-pwunconv">pwunconv</primary>
           </indexterm>
@@ -518,8 +544,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="sg">
         <term><command>sg</command></term>
         <listitem>
-          <para>Executes a given command while the user's GID
-          is set to that of the given group</para>
+          <para>在用户 GID 设为给定组 ID 的情况下,执行给定命令</para>
           <indexterm zone="ch-system-shadow sg">
             <primary sortas="b-sg">sg</primary>
           </indexterm>
@@ -529,7 +554,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="su">
         <term><command>su</command></term>
         <listitem>
-          <para>Runs a shell with substitute user and group IDs</para>
+          <para>用替换的用户和组 ID 运行 shell</para>
           <indexterm zone="ch-system-shadow su">
             <primary sortas="b-su">su</primary>
           </indexterm>
@@ -539,8 +564,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="useradd">
         <term><command>useradd</command></term>
         <listitem>
-          <para>Creates a new user with the given name, or updates the default
-          new-user information</para>
+          <para>以指定名称创建新用户,或更新新用户默认信息</para>
           <indexterm zone="ch-system-shadow useradd">
             <primary sortas="b-useradd">useradd</primary>
           </indexterm>
@@ -550,7 +574,7 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="userdel">
         <term><command>userdel</command></term>
         <listitem>
-          <para>Deletes the given user account</para>
+          <para>删除给定用户</para>
           <indexterm zone="ch-system-shadow userdel">
             <primary sortas="b-userdel">userdel</primary>
           </indexterm>
@@ -560,8 +584,8 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="usermod">
         <term><command>usermod</command></term>
         <listitem>
-          <para>Is used to modify the given user's login name, User
-          Identification (UID), shell, initial group, home directory, etc.</para>
+          <para>修改给定用户的登录名称、用户 ID、shell、初始组、
+          home 目录等信息</para>
           <indexterm zone="ch-system-shadow usermod">
             <primary sortas="b-usermod">usermod</primary>
           </indexterm>
@@ -571,8 +595,8 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="vigr">
         <term><command>vigr</command></term>
         <listitem>
-          <para>Edits the <filename>/etc/group</filename> or
-          <filename>/etc/gshadow</filename> files</para>
+          <para>编辑 <filename>/etc/group</filename> 或
+          <filename>/etc/gshadow</filename> 文件</para>
           <indexterm zone="ch-system-shadow vigr">
             <primary sortas="b-vigr">vigr</primary>
           </indexterm>
@@ -582,8 +606,8 @@ ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> -->
       <varlistentry id="vipw">
         <term><command>vipw</command></term>
         <listitem>
-          <para>Edits the <filename>/etc/passwd</filename> or
-          <filename>/etc/shadow</filename> files</para>
+          <para>编辑 <filename>/etc/passwd</filename> 或
+          <filename>/etc/shadow</filename> 文件</para>
           <indexterm zone="ch-system-shadow vipw">
             <primary sortas="b-vipw">vipw</primary>
           </indexterm>