Difference between revisions of "Shadow"
From CBLFS
Jump to navigationJump to search (I completed the "Contents" section.) |
m (I fixed the vertical alignment on the tables.) |
||
| Line 1: | Line 1: | ||
{| style="text-align: left; background-color: AliceBlue;" | {| style="text-align: left; background-color: AliceBlue;" | ||
| − | |- | + | |-valign="top" |
!Download Source: | !Download Source: | ||
| ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.18.1.tar.bz2 | | ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.18.1.tar.bz2 | ||
| − | |- | + | |-valign="top" |
!Download Patch: | !Download Patch: | ||
| http://svn.cross-lfs.org/svn/repos/cross-lfs/trunk/patches/shadow-4.0.18.1-useradd_fix-1.patch | | http://svn.cross-lfs.org/svn/repos/cross-lfs/trunk/patches/shadow-4.0.18.1-useradd_fix-1.patch | ||
| − | |- | + | |-valign="top" |
|-|} | |-|} | ||
| Line 160: | Line 160: | ||
{| style="text-align: left;" | {| style="text-align: left;" | ||
| − | |- | + | |-valign="top" |
! '''Installed Programs:''' | ! '''Installed Programs:''' | ||
|login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw | |login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw | ||
| − | |- | + | |-valign="top" |
! '''Installed Libraries:''' | ! '''Installed Libraries:''' | ||
| libshadow.{so,la,a} | | libshadow.{so,la,a} | ||
| − | |- | + | |-valign="top" |
! '''Installed Directories:''' | ! '''Installed Directories:''' | ||
| /etc/pam.d | | /etc/pam.d | ||
| Line 174: | Line 174: | ||
{| style="text-align: left;" | {| style="text-align: left;" | ||
| − | |- | + | |-valign="top" |
! '''expiry''' | ! '''expiry''' | ||
| Checks and enforces the current password expiration policy | | Checks and enforces the current password expiration policy | ||
| − | |- | + | |-valign="top" |
! '''faillog''' | ! '''faillog''' | ||
| Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count | | Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count | ||
| − | |- | + | |-valign="top" |
! '''gpasswd''' | ! '''gpasswd''' | ||
| Is used to add and delete members and administrators to groups | | Is used to add and delete members and administrators to groups | ||
| − | |- | + | |-valign="top" |
! '''groupadd''' | ! '''groupadd''' | ||
| Creates a group with the given name | | Creates a group with the given name | ||
| − | |- | + | |-valign="top" |
! '''groupdel''' | ! '''groupdel''' | ||
| Deletes the group with the given name | | Deletes the group with the given name | ||
| − | |- | + | |-valign="top" |
! '''groupmod''' | ! '''groupmod''' | ||
| Is used to modify the given group's name or GID | | Is used to modify the given group's name or GID | ||
| − | |- | + | |-valign="top" |
! '''grpck''' | ! '''grpck''' | ||
| Verifies the integrity of the group files /etc/group and /etc/gshadow | | Verifies the integrity of the group files /etc/group and /etc/gshadow | ||
| − | |- | + | |-valign="top" |
! '''grpconv''' | ! '''grpconv''' | ||
| Creates or updates the shadow group file from the normal group file | | Creates or updates the shadow group file from the normal group file | ||
| − | |- | + | |-valign="top" |
! '''grpunconv''' | ! '''grpunconv''' | ||
| Updates /etc/group from /etc/gshadow and then deletes the latter | | Updates /etc/group from /etc/gshadow and then deletes the latter | ||
| − | |- | + | |-valign="top" |
! '''lastlog''' | ! '''lastlog''' | ||
| Reports the most recent login of all users or of a given user | | Reports the most recent login of all users or of a given user | ||
| − | |- | + | |-valign="top" |
! '''login''' | ! '''login''' | ||
| Is used by the system to let users sign on | | Is used by the system to let users sign on | ||
| − | |- | + | |-valign="top" |
! '''logoutd''' | ! '''logoutd''' | ||
| Is a daemon used to enforce restrictions on log-on time and ports | | Is a daemon used to enforce restrictions on log-on time and ports | ||
| − | |- | + | |-valign="top" |
! '''newgrp''' | ! '''newgrp''' | ||
| Is used to change the current GID during a login session | | Is used to change the current GID during a login session | ||
| − | |- | + | |-valign="top" |
! '''newusers''' | ! '''newusers''' | ||
| Is used to create or update an entire series of user accounts | | Is used to create or update an entire series of user accounts | ||
| − | |- | + | |-valign="top" |
! '''nologin''' | ! '''nologin''' | ||
| Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled | | Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled | ||
| − | |- | + | |-valign="top" |
! '''passwd''' | ! '''passwd''' | ||
| Is used to change the password for a user or group account | | Is used to change the password for a user or group account | ||
| − | |- | + | |-valign="top" |
! '''pwck''' | ! '''pwck''' | ||
| Verifies the integrity of the password files /etc/passwd and /etc/shadow | | Verifies the integrity of the password files /etc/passwd and /etc/shadow | ||
| − | |- | + | |-valign="top" |
! '''pwconv''' | ! '''pwconv''' | ||
| Creates or updates the shadow password file from the normal password file | | Creates or updates the shadow password file from the normal password file | ||
| − | |- | + | |-valign="top" |
! '''pwunconv''' | ! '''pwunconv''' | ||
| Updates /etc/passwd from /etc/shadow and then deletes the latter | | Updates /etc/passwd from /etc/shadow and then deletes the latter | ||
| − | |- | + | |-valign="top" |
! '''sg''' | ! '''sg''' | ||
| Executes a given command while the user's GID is set to that of the given group | | Executes a given command while the user's GID is set to that of the given group | ||
| − | |- | + | |-valign="top" |
! '''su''' | ! '''su''' | ||
| Runs a shell with substitute user and group IDs | | Runs a shell with substitute user and group IDs | ||
| − | |- | + | |-valign="top" |
! '''useradd''' | ! '''useradd''' | ||
| Creates a new user with the given name, or updates the default new-user information | | Creates a new user with the given name, or updates the default new-user information | ||
| − | |- | + | |-valign="top" |
! '''userdel''' | ! '''userdel''' | ||
| Deletes the given user account | | Deletes the given user account | ||
| − | |- | + | |-valign="top" |
! '''usermod''' | ! '''usermod''' | ||
| Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc. | | Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc. | ||
| − | |- | + | |-valign="top" |
! '''vigr''' | ! '''vigr''' | ||
| Edits the /etc/group or /etc/gshadow files | | Edits the /etc/group or /etc/gshadow files | ||
| − | |- | + | |-valign="top" |
! '''vipw''' | ! '''vipw''' | ||
| Edits the /etc/passwd or /etc/shadow files | | Edits the /etc/passwd or /etc/shadow files | ||
| − | |- | + | |-valign="top" |
! '''libshadow.{so,la,a}''' | ! '''libshadow.{so,la,a}''' | ||
| Contains functions used by most programs in this package | | Contains functions used by most programs in this package | ||
|} | |} | ||
Revision as of 22:30, 5 January 2007
Contents
Introduction to Shadow
Shadow was indeed installed in CLFS and there is no reason to reinstall it unless you installed CrackLib or Linux-PAM after your CLFS system was completed. If you have installed CrackLib after CLFS, then reinstalling Shadow will enable strong password support. If you have installed Linux-PAM, reinstalling Shadow will allow programs such as login and su to utilize PAM.
Dependencies
Optional
Non-Multilib
Configure and compile the package:
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch && ./configure --libdir=/lib -sysconfdir=/etc --enable-shared \ --without-audit --without-selinux --with-libcrack --with-libpam && sed -i 's/groups$(EXEEXT) //' src/Makefile && sed -i '/groups/d' man/Makefile && make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib/libshadow.{a,la} /usr/lib &&
rm /lib/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib/$LIBNAME /usr/lib/libshadow.so &&
install -d /etc/default
Setup Configuration files:
This section makes sure login.defs is compatible with PAM
cp etc/login.defs /etc/login.defs
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
-e 's@/var/spool/mail@/var/mail@' \
-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs
FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
sed -i "s/^$function/# &/" /etc/login.defs
done
/etc/default/useradd
With the PAM configuration that is in CBLFS, this is the only information needed in /etc/default/useradd.
cat > /etc/default/useradd << "EOF" HOME=/home INACTIVE=-1 SHELL=/bin/bash CREATE_MAIL_SPOOL=no EOF
Multilib
32Bit
Configure and compile the package:
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILD32}" ./configure --libdir=/lib -sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib/libshadow.{a,la} /usr/lib &&
rm /lib/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib/$LIBNAME /usr/lib/libshadow.so
N32
Configure and compile the package:
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILDN32}" ./configure --libdir=/lib32 -sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib32/libshadow.{a,la} /usr/lib32 &&
rm /lib32/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib32/$LIBNAME /usr/lib32/libshadow.so
64Bit
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILD64}" ./configure --libdir=/lib64 -sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib64/libshadow.{a,la} /usr/lib64 &&
rm /lib64/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib64/$LIBNAME /usr/lib64/libshadow.so
install -d /etc/default
Setup Configuration files:
cp etc/login.defs /etc/login.defs
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
-e 's@/var/spool/mail@/var/mail@' \
-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs
FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
sed -i "s/^$function/# &/" /etc/login.defs
done
/etc/default/useradd
With the PAM configuration that is in CBLFS, this is the only information needed in /etc/default/useradd.
cat > /etc/default/useradd << "EOF" HOME=/home INACTIVE=-1 SHELL=/bin/bash CREATE_MAIL_SPOOL=no EOF
Contents
| Download Source: | ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.18.1.tar.bz2 |
|---|---|
| Download Patch: | http://svn.cross-lfs.org/svn/repos/cross-lfs/trunk/patches/shadow-4.0.18.1-useradd_fix-1.patch |
| Installed Programs: | login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw |
|---|---|
| Installed Libraries: | libshadow.{so,la,a} |
| Installed Directories: | /etc/pam.d |
Short Descriptions
| expiry | Checks and enforces the current password expiration policy |
|---|---|
| faillog | Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count |
| gpasswd | Is used to add and delete members and administrators to groups |
| groupadd | Creates a group with the given name |
| groupdel | Deletes the group with the given name |
| groupmod | Is used to modify the given group's name or GID |
| grpck | Verifies the integrity of the group files /etc/group and /etc/gshadow |
| grpconv | Creates or updates the shadow group file from the normal group file |
| grpunconv | Updates /etc/group from /etc/gshadow and then deletes the latter |
| lastlog | Reports the most recent login of all users or of a given user |
| login | Is used by the system to let users sign on |
| logoutd | Is a daemon used to enforce restrictions on log-on time and ports |
| newgrp | Is used to change the current GID during a login session |
| newusers | Is used to create or update an entire series of user accounts |
| nologin | Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled |
| passwd | Is used to change the password for a user or group account |
| pwck | Verifies the integrity of the password files /etc/passwd and /etc/shadow |
| pwconv | Creates or updates the shadow password file from the normal password file |
| pwunconv | Updates /etc/passwd from /etc/shadow and then deletes the latter |
| sg | Executes a given command while the user's GID is set to that of the given group |
| su | Runs a shell with substitute user and group IDs |
| useradd | Creates a new user with the given name, or updates the default new-user information |
| userdel | Deletes the given user account |
| usermod | Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc. |
| vigr | Edits the /etc/group or /etc/gshadow files |
| vipw | Edits the /etc/passwd or /etc/shadow files |
| libshadow.{so,la,a} | Contains functions used by most programs in this package |
