Shadow: Difference between revisions
From CBLFS
Jump to navigationJump to search
I added the package description from BLFS. |
I completed the "Contents" section. |
||
| Line 159: | Line 159: | ||
==Contents== | ==Contents== | ||
{| style="text-align: left;" | |||
|- | |||
! '''Installed Programs:''' | |||
|login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw | |||
|- | |||
! '''Installed Libraries:''' | |||
| libshadow.{so,la,a} | |||
|- | |||
! '''Installed Directories:''' | |||
| /etc/pam.d | |||
|} | |||
=== Short Descriptions === | |||
{| style="text-align: left;" | |||
|- | |||
! '''expiry''' | |||
| Checks and enforces the current password expiration policy | |||
|- | |||
! '''faillog''' | |||
| Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count | |||
|- | |||
! '''gpasswd''' | |||
| Is used to add and delete members and administrators to groups | |||
|- | |||
! '''groupadd''' | |||
| Creates a group with the given name | |||
|- | |||
! '''groupdel''' | |||
| Deletes the group with the given name | |||
|- | |||
! '''groupmod''' | |||
| Is used to modify the given group's name or GID | |||
|- | |||
! '''grpck''' | |||
| Verifies the integrity of the group files /etc/group and /etc/gshadow | |||
|- | |||
! '''grpconv''' | |||
| Creates or updates the shadow group file from the normal group file | |||
|- | |||
! '''grpunconv''' | |||
| Updates /etc/group from /etc/gshadow and then deletes the latter | |||
|- | |||
! '''lastlog''' | |||
| Reports the most recent login of all users or of a given user | |||
|- | |||
! '''login''' | |||
| Is used by the system to let users sign on | |||
|- | |||
! '''logoutd''' | |||
| Is a daemon used to enforce restrictions on log-on time and ports | |||
|- | |||
! '''newgrp''' | |||
| Is used to change the current GID during a login session | |||
|- | |||
! '''newusers''' | |||
| Is used to create or update an entire series of user accounts | |||
|- | |||
! '''nologin''' | |||
| Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled | |||
|- | |||
! '''passwd''' | |||
| Is used to change the password for a user or group account | |||
|- | |||
! '''pwck''' | |||
| Verifies the integrity of the password files /etc/passwd and /etc/shadow | |||
|- | |||
! '''pwconv''' | |||
| Creates or updates the shadow password file from the normal password file | |||
|- | |||
! '''pwunconv''' | |||
| Updates /etc/passwd from /etc/shadow and then deletes the latter | |||
|- | |||
! '''sg''' | |||
| Executes a given command while the user's GID is set to that of the given group | |||
|- | |||
! '''su''' | |||
| Runs a shell with substitute user and group IDs | |||
|- | |||
! '''useradd''' | |||
| Creates a new user with the given name, or updates the default new-user information | |||
|- | |||
! '''userdel''' | |||
| Deletes the given user account | |||
|- | |||
! '''usermod''' | |||
| Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc. | |||
|- | |||
! '''vigr''' | |||
| Edits the /etc/group or /etc/gshadow files | |||
|- | |||
! '''vipw''' | |||
| Edits the /etc/passwd or /etc/shadow files | |||
|- | |||
! '''libshadow.{so,la,a}''' | |||
| Contains functions used by most programs in this package | |||
|} | |||
Revision as of 15:44, 7 December 2006
Introduction to Shadow
Shadow was indeed installed in CLFS and there is no reason to reinstall it unless you installed CrackLib or Linux-PAM after your CLFS system was completed. If you have installed CrackLib after CLFS, then reinstalling Shadow will enable strong password support. If you have installed Linux-PAM, reinstalling Shadow will allow programs such as login and su to utilize PAM.
Dependencies
Optional
Non-Multilib
Configure and compile the package:
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch && ./configure --libdir=/lib -sysconfdir=/etc --enable-shared \ --without-audit --without-selinux --with-libcrack --with-libpam && sed -i 's/groups$(EXEEXT) //' src/Makefile && sed -i '/groups/d' man/Makefile && make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib/libshadow.{a,la} /usr/lib &&
rm /lib/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib/$LIBNAME /usr/lib/libshadow.so &&
install -d /etc/default
Setup Configuration files:
This section makes sure login.defs is compatible with PAM
cp etc/login.defs /etc/login.defs
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
-e 's@/var/spool/mail@/var/mail@' \
-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs
FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
sed -i "s/^$function/# &/" /etc/login.defs
done
/etc/default/useradd
With the PAM configuration that is in CBLFS, this is the only information needed in /etc/default/useradd.
cat > /etc/default/useradd << "EOF" HOME=/home INACTIVE=-1 SHELL=/bin/bash CREATE_MAIL_SPOOL=no EOF
Multilib
32Bit
Configure and compile the package:
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILD32}" ./configure --libdir=/lib -sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib/libshadow.{a,la} /usr/lib &&
rm /lib/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib/$LIBNAME /usr/lib/libshadow.so
N32
Configure and compile the package:
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILDN32}" ./configure --libdir=/lib32 -sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib32/libshadow.{a,la} /usr/lib32 &&
rm /lib32/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib32/$LIBNAME /usr/lib32/libshadow.so
64Bit
patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILD64}" ./configure --libdir=/lib64 -sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Install the package:
make install &&
mv /usr/bin/passwd /bin &&
mv /lib64/libshadow.{a,la} /usr/lib64 &&
rm /lib64/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib64/$LIBNAME /usr/lib64/libshadow.so
install -d /etc/default
Setup Configuration files:
cp etc/login.defs /etc/login.defs
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
-e 's@/var/spool/mail@/var/mail@' \
-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs
FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
sed -i "s/^$function/# &/" /etc/login.defs
done
/etc/default/useradd
With the PAM configuration that is in CBLFS, this is the only information needed in /etc/default/useradd.
cat > /etc/default/useradd << "EOF" HOME=/home INACTIVE=-1 SHELL=/bin/bash CREATE_MAIL_SPOOL=no EOF
Contents
| Download Source: | ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.18.1.tar.bz2 |
|---|---|
| Download Patch: | http://svn.cross-lfs.org/svn/repos/cross-lfs/trunk/patches/shadow-4.0.18.1-useradd_fix-1.patch |
| Installed Programs: | login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw |
|---|---|
| Installed Libraries: | libshadow.{so,la,a} |
| Installed Directories: | /etc/pam.d |
Short Descriptions
| expiry | Checks and enforces the current password expiration policy |
|---|---|
| faillog | Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count |
| gpasswd | Is used to add and delete members and administrators to groups |
| groupadd | Creates a group with the given name |
| groupdel | Deletes the group with the given name |
| groupmod | Is used to modify the given group's name or GID |
| grpck | Verifies the integrity of the group files /etc/group and /etc/gshadow |
| grpconv | Creates or updates the shadow group file from the normal group file |
| grpunconv | Updates /etc/group from /etc/gshadow and then deletes the latter |
| lastlog | Reports the most recent login of all users or of a given user |
| login | Is used by the system to let users sign on |
| logoutd | Is a daemon used to enforce restrictions on log-on time and ports |
| newgrp | Is used to change the current GID during a login session |
| newusers | Is used to create or update an entire series of user accounts |
| nologin | Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled |
| passwd | Is used to change the password for a user or group account |
| pwck | Verifies the integrity of the password files /etc/passwd and /etc/shadow |
| pwconv | Creates or updates the shadow password file from the normal password file |
| pwunconv | Updates /etc/passwd from /etc/shadow and then deletes the latter |
| sg | Executes a given command while the user's GID is set to that of the given group |
| su | Runs a shell with substitute user and group IDs |
| useradd | Creates a new user with the given name, or updates the default new-user information |
| userdel | Deletes the given user account |
| usermod | Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc. |
| vigr | Edits the /etc/group or /etc/gshadow files |
| vipw | Edits the /etc/passwd or /etc/shadow files |
| libshadow.{so,la,a} | Contains functions used by most programs in this package |
