From fcc027677da55c41dcaea045f5b9ff8b088e6495 Mon Sep 17 00:00:00 2001 From: Bruce Dubbs Date: Sun, 7 Jun 2020 20:16:00 +0000 Subject: Initial commit of alternative cross LFS git-svn-id: http://svn.linuxfromscratch.org/LFS/branches/cross2@11897 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689 --- chapter06/shadow.xml | 608 --------------------------------------------------- 1 file changed, 608 deletions(-) delete mode 100644 chapter06/shadow.xml (limited to 'chapter06/shadow.xml') diff --git a/chapter06/shadow.xml b/chapter06/shadow.xml deleted file mode 100644 index 425112cbd..000000000 --- a/chapter06/shadow.xml +++ /dev/null @@ -1,608 +0,0 @@ - - - %general-entities; -]> - - - - - - shadow - &shadow-version; -
&shadow-url;
-
- - Shadow-&shadow-version; - - - Shadow - - - - - - <para>The Shadow package contains programs for handling passwords in a secure - way.</para> - - <segmentedlist> - <segtitle>&buildtime;</segtitle> - <segtitle>&diskspace;</segtitle> - - <seglistitem> - <seg>&shadow-ch6-sbu;</seg> - <seg>&shadow-ch6-du;</seg> - </seglistitem> - </segmentedlist> - - </sect2> - - <sect2 role="installation"> - <title>Installation of Shadow - - - If you would like to enforce the use of strong passwords, refer to - for installing - CrackLib prior to building Shadow. Then add - --with-libcrack to the configure - command below. - - - Disable the installation of the groups program - and its man pages, as Coreutils provides a better version. Also, - prevent the installation of manual pages that were already installed in - : - -sed -i 's/groups$(EXEEXT) //' src/Makefile.in -find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; -find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \; -find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \; - - Instead of using the default - crypt method, use the more secure - SHA-512 method of password encryption, which also - allows passwords longer than 8 characters. 
It is also necessary to change - the obsolete /var/spool/mail location - for user mailboxes that Shadow uses by default to the /var/mail location used currently: - -sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \ - -e 's@/var/spool/mail@/var/mail@' etc/login.defs - - - If you chose to build Shadow with Cracklib support, run the following: - -sed -i 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' etc/login.defs - - - Make a minor change to make the first group number generated - by useradd 1000: - -sed -i 's/1000/999/' etc/useradd - - Prepare Shadow for compilation: - -touch /usr/bin/passwd -./configure --sysconfdir=/etc \ - --with-group-name-max-length=32 - - - The meaning of the configure option: - - - touch /usr/bin/passwd - - The file /usr/bin/passwd needs - to exist because its location is harcoded in some programs, and - the default location if it does not exist is not right. - - - - --with-group-name-max-length=32 - - The maximum user name is 32 characters. Make the maximum - group name the same. - - - - - - Compile the package: - -make - - This package does not come with a test suite. - - Install the package: - -make install - - - - - - - - Configuring Shadow - - - Shadow - configuring - - - This package contains utilities to add, modify, and delete users and - groups; set and change their passwords; and perform other administrative - tasks. For a full explanation of what password shadowing - means, see the doc/HOWTO file within the unpacked - source tree. If using Shadow support, keep in mind that programs which need - to verify passwords (display managers, FTP programs, pop3 daemons, etc.) - must be Shadow-compliant. That is, they need to be able to work with - shadowed passwords. - - To enable shadowed passwords, run the following command: - -pwconv - - To enable shadowed group passwords, run: - -grpconv - - Shadow's stock configuration for the useradd - utility has a few caveats that need some explanation. 
First, the default - action for the useradd utility is to create the user and - a group of the same name as the user. By default the user ID (UID) and - group ID (GID) numbers will begin with 1000. This means if you don't pass - parameters to useradd, each user will be a member of a - unique group on the system. If this behavior is undesirable, you'll need - to pass the -g parameter to - useradd. The default parameters are stored in the - /etc/default/useradd file. You may need to modify two - parameters in this file to suit your particular needs. - - - <filename>/etc/default/useradd</filename> Parameter Explanations - - - GROUP=1000 - - This parameter sets the beginning of the group numbers used in - the /etc/group file. You can modify it to anything you desire. Note - that useradd will never reuse a UID or GID. If the - number identified in this parameter is used, it will use the next - available number after this. Note also that if you don't have a group - 1000 on your system the first time you use useradd - without the -g parameter, you'll get a message - displayed on the terminal that says: - useradd: unknown GID 1000. You may - disregard this message and group number 1000 will be used. - - - - CREATE_MAIL_SPOOL=yes - - This parameter causes useradd to create a - mailbox file for the newly created user. useradd - will make the group ownership of this file to the - mail group with 0660 - permissions. 
If you would prefer that these mailbox files are not - created by useradd, issue the following - command: - -sed -i 's/yes/no/' /etc/default/useradd - - - - - - - - - - Setting the root password - - Choose a password for user root and set it - by running: - -passwd root - - - - - Contents of Shadow - - - Installed programs - Installed directory - - - chage, chfn, chgpasswd, chpasswd, chsh, expiry, faillog, gpasswd, - groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, - lastlog, login, logoutd, newgidmap, newgrp, newuidmap, newusers, - nologin, passwd, pwck, pwconv, pwunconv, sg (link to newgrp), su, - useradd, userdel, usermod, vigr (link to vipw), and vipw - /etc/default - - - - - Short Descriptions - - - - - chage - - Used to change the maximum number of days between obligatory - password changes - - chage - - - - - - chfn - - Used to change a user's full name and other information - - chfn - - - - - - chgpasswd - - Used to update group passwords in batch mode - - chgpasswd - - - - - - chpasswd - - Used to update user passwords in batch mode - - chpasswd - - - - - - chsh - - Used to change a user's default login shell - - chsh - - - - - - expiry - - Checks and enforces the current password expiration policy - - expiry - - - - - - faillog - - Is used to examine the log of login failures, to set a maximum - number of failures before an account is blocked, or to reset the - failure count - - faillog - - - - - - gpasswd - - Is used to add and delete members and administrators to - groups - - gpasswd - - - - - - groupadd - - Creates a group with the given name - - groupadd - - - - - - groupdel - - Deletes the group with the given name - - groupdel - - - - - - groupmems - - Allows a user to administer his/her own group membership list - without the requirement of super user privileges. 
- - groupmems - - - - - - groupmod - - Is used to modify the given group's name or GID - - groupmod - - - - - - grpck - - Verifies the integrity of the group files - /etc/group and - /etc/gshadow - - grpck - - - - - - grpconv - - Creates or updates the shadow group file from the normal - group file - - grpconv - - - - - - grpunconv - - Updates /etc/group from - /etc/gshadow and then deletes the latter - - grpunconv - - - - - - lastlog - - Reports the most recent login of all users or of a - given user - - lastlog - - - - - - login - - Is used by the system to let users sign on - - login - - - - - - logoutd - - Is a daemon used to enforce restrictions on log-on time - and ports - - logoutd - - - - - - newgidmap - - Is used to set the gid mapping of a user namespace - - newgidmap - - - - - - newgrp - - Is used to change the current GID during a login session - - newgrp - - - - - - newuidmap - - Is used to set the uid mapping of a user namespace - - newuidmap - - - - - - newusers - - Is used to create or update an entire series of user - accounts - - newusers - - - - - - nologin - - Displays a message that an account is not available; it is designed - to be used as the default shell for accounts that have been - disabled - - nologin - - - - - - passwd - - Is used to change the password for a user or group account - - passwd - - - - - - pwck - - Verifies the integrity of the password files - /etc/passwd and - /etc/shadow - - pwck - - - - - - pwconv - - Creates or updates the shadow password file from the normal - password file - - pwconv - - - - - - pwunconv - - Updates /etc/passwd from - /etc/shadow and then deletes the latter - - pwunconv - - - - - - sg - - Executes a given command while the user's GID - is set to that of the given group - - sg - - - - - - su - - Runs a shell with substitute user and group IDs - - su - - - - - - useradd - - Creates a new user with the given name, or updates the default - new-user information - - useradd - - - - - - userdel - - 
Deletes the given user account - - userdel - - - - - - usermod - - Is used to modify the given user's login name, User - Identification (UID), shell, initial group, home directory, etc. - - usermod - - - - - - vigr - - Edits the /etc/group or - /etc/gshadow files - - vigr - - - - - - vipw - - Edits the /etc/passwd or - /etc/shadow files - - vipw - - - - - - - - -
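Review bot: The commit message ("Initial commit of alternative cross LFS") does not say where the content of the deleted chapter06/shadow.xml goes, and this view is limited to that one file, so it cannot be confirmed from here that the security-relevant steps it carried survive: the login.defs edit `s@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@`, the `pwconv` and `grpconv` conversion, and `passwd root`. Please name the replacement file in the commit message. If the text is carried over, three things in the removed lines are worth fixing on the way. First, `sed -i 's/yes/no/' /etc/default/useradd` and `sed -i 's/1000/999/' etc/useradd` are unanchored and rewrite the first match on any line of the file, so key them on the parameter they are meant to change (CREATE_MAIL_SPOOL and, going by the parameter explanations, GROUP). Second, the sentence introducing the 1000 to 999 edit says it makes the first group number 1000, while the later explanation documents GROUP=1000 and a "unknown GID 1000" message, so state which value the installed file is expected to hold. Third, "harcoded" in the `touch /usr/bin/passwd` explanation should read "hardcoded".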
-- cgit v1.2.3-54-g00ecf