Difference between revisions of "Shadow"
From CBLFS
Jump to navigationJump to search (I added the package description from BLFS.) |
(I completed the "Contents" section.) |
||
| Line 159: | Line 159: | ||
==Contents== | ==Contents== | ||
| − | + | {| style="text-align: left;" | |
| − | + | |- | |
| − | + | ! '''Installed Programs:''' | |
| + | |login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw | ||
| + | |- | ||
| + | ! '''Installed Libraries:''' | ||
| + | | libshadow.{so,la,a} | ||
| + | |- | ||
| + | ! '''Installed Directories:''' | ||
| + | | /etc/pam.d | ||
| + | |} | ||
| + | |||
| + | === Short Descriptions === | ||
| + | |||
| + | {| style="text-align: left;" | ||
| + | |- | ||
| + | ! '''expiry''' | ||
| + | | Checks and enforces the current password expiration policy | ||
| + | |- | ||
| + | ! '''faillog''' | ||
| + | | Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count | ||
| + | |- | ||
| + | ! '''gpasswd''' | ||
| + | | Is used to add and delete members and administrators to groups | ||
| + | |- | ||
| + | ! '''groupadd''' | ||
| + | | Creates a group with the given name | ||
| + | |- | ||
| + | ! '''groupdel''' | ||
| + | | Deletes the group with the given name | ||
| + | |- | ||
| + | ! '''groupmod''' | ||
| + | | Is used to modify the given group's name or GID | ||
| + | |- | ||
| + | ! '''grpck''' | ||
| + | | Verifies the integrity of the group files /etc/group and /etc/gshadow | ||
| + | |- | ||
| + | ! '''grpconv''' | ||
| + | | Creates or updates the shadow group file from the normal group file | ||
| + | |- | ||
| + | ! '''grpunconv''' | ||
| + | | Updates /etc/group from /etc/gshadow and then deletes the latter | ||
| + | |- | ||
| + | ! '''lastlog''' | ||
| + | | Reports the most recent login of all users or of a given user | ||
| + | |- | ||
| + | ! '''login''' | ||
| + | | Is used by the system to let users sign on | ||
| + | |- | ||
| + | ! '''logoutd''' | ||
| + | | Is a daemon used to enforce restrictions on log-on time and ports | ||
| + | |- | ||
| + | ! '''newgrp''' | ||
| + | | Is used to change the current GID during a login session | ||
| + | |- | ||
| + | ! '''newusers''' | ||
| + | | Is used to create or update an entire series of user accounts | ||
| + | |- | ||
| + | ! '''nologin''' | ||
| + | | Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled | ||
| + | |- | ||
| + | ! '''passwd''' | ||
| + | | Is used to change the password for a user or group account | ||
| + | |- | ||
| + | ! '''pwck''' | ||
| + | | Verifies the integrity of the password files /etc/passwd and /etc/shadow | ||
| + | |- | ||
| + | ! '''pwconv''' | ||
| + | | Creates or updates the shadow password file from the normal password file | ||
| + | |- | ||
| + | ! '''pwunconv''' | ||
| + | | Updates /etc/passwd from /etc/shadow and then deletes the latter | ||
| + | |- | ||
| + | ! '''sg''' | ||
| + | | Executes a given command while the user's GID is set to that of the given group | ||
| + | |- | ||
| + | ! '''su''' | ||
| + | | Runs a shell with substitute user and group IDs | ||
| + | |- | ||
| + | ! '''useradd''' | ||
| + | | Creates a new user with the given name, or updates the default new-user information | ||
| + | |- | ||
| + | ! '''userdel''' | ||
| + | | Deletes the given user account | ||
| + | |- | ||
| + | ! '''usermod''' | ||
| + | | Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc. | ||
| + | |- | ||
| + | ! '''vigr''' | ||
| + | | Edits the /etc/group or /etc/gshadow files | ||
| + | |- | ||
| + | ! '''vipw''' | ||
| + | | Edits the /etc/passwd or /etc/shadow files | ||
| + | |- | ||
| + | ! '''libshadow.{so,la,a}''' | ||
| + | | Contains functions used by most programs in this package | ||
| + | |} | ||
Revision as of 15:44, 7 December 2006
Contents
Introduction to Shadow
Shadow was indeed installed in CLFS and there is no reason to reinstall it unless you installed CrackLib or Linux-PAM after your CLFS system was completed. If you have installed CrackLib after CLFS, then reinstalling Shadow will enable strong password support. If you have installed Linux-PAM, reinstalling Shadow will allow programs such as login and su to utilize PAM.
Dependencies
Optional
Non-Multilib
Configure and compile the package:
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch && ./configure --libdir=/lib -sysconfdir=/etc --enable-shared \ --without-audit --without-selinux --with-libcrack --with-libpam && sed -i 's/groups$(EXEEXT) //' src/Makefile && sed -i '/groups/d' man/Makefile && make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib/libshadow.{a,la} /usr/lib &&
rm /lib/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib/$LIBNAME /usr/lib/libshadow.so &&
install -d /etc/default
Setup Configuration files:
This section makes sure login.defs is compatible with PAM
cp etc/login.defs /etc/login.defs
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
-e 's@/var/spool/mail@/var/mail@' \
-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs
FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
sed -i "s/^$function/# &/" /etc/login.defs
done
/etc/default/useradd
With the PAM configuration that is in CBLFS, this is the only information needed in /etc/default/useradd.
cat > /etc/default/useradd << "EOF" HOME=/home INACTIVE=-1 SHELL=/bin/bash CREATE_MAIL_SPOOL=no EOF
Multilib
32Bit
Configure and compile the package:
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILD32}" ./configure --libdir=/lib -sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib/libshadow.{a,la} /usr/lib &&
rm /lib/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib/$LIBNAME /usr/lib/libshadow.so
N32
Configure and compile the package:
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILDN32}" ./configure --libdir=/lib32 -sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib32/libshadow.{a,la} /usr/lib32 &&
rm /lib32/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib32/$LIBNAME /usr/lib32/libshadow.so
64Bit
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILD64}" ./configure --libdir=/lib64 -sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib64/libshadow.{a,la} /usr/lib64 &&
rm /lib64/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib64/$LIBNAME /usr/lib64/libshadow.so
install -d /etc/default
Setup Configuration files:
cp etc/login.defs /etc/login.defs
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
-e 's@/var/spool/mail@/var/mail@' \
-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs
FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
sed -i "s/^$function/# &/" /etc/login.defs
done
/etc/default/useradd
With the PAM configuration that is in CBLFS, this is the only information needed in /etc/default/useradd.
cat > /etc/default/useradd << "EOF" HOME=/home INACTIVE=-1 SHELL=/bin/bash CREATE_MAIL_SPOOL=no EOF
Contents
| Download Source: | ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.18.1.tar.bz2 |
|---|---|
| Download Patch: | http://svn.cross-lfs.org/svn/repos/cross-lfs/trunk/patches/shadow-4.0.18.1-useradd_fix-1.patch |
| Installed Programs: | login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw |
|---|---|
| Installed Libraries: | libshadow.{so,la,a} |
| Installed Directories: | /etc/pam.d |
Short Descriptions
| expiry | Checks and enforces the current password expiration policy |
|---|---|
| faillog | Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count |
| gpasswd | Is used to add and delete members and administrators to groups |
| groupadd | Creates a group with the given name |
| groupdel | Deletes the group with the given name |
| groupmod | Is used to modify the given group's name or GID |
| grpck | Verifies the integrity of the group files /etc/group and /etc/gshadow |
| grpconv | Creates or updates the shadow group file from the normal group file |
| grpunconv | Updates /etc/group from /etc/gshadow and then deletes the latter |
| lastlog | Reports the most recent login of all users or of a given user |
| login | Is used by the system to let users sign on |
| logoutd | Is a daemon used to enforce restrictions on log-on time and ports |
| newgrp | Is used to change the current GID during a login session |
| newusers | Is used to create or update an entire series of user accounts |
| nologin | Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled |
| passwd | Is used to change the password for a user or group account |
| pwck | Verifies the integrity of the password files /etc/passwd and /etc/shadow |
| pwconv | Creates or updates the shadow password file from the normal password file |
| pwunconv | Updates /etc/passwd from /etc/shadow and then deletes the latter |
| sg | Executes a given command while the user's GID is set to that of the given group |
| su | Runs a shell with substitute user and group IDs |
| useradd | Creates a new user with the given name, or updates the default new-user information |
| userdel | Deletes the given user account |
| usermod | Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc. |
| vigr | Edits the /etc/group or /etc/gshadow files |
| vipw | Edits the /etc/passwd or /etc/shadow files |
| libshadow.{so,la,a} | Contains functions used by most programs in this package |
