Difference between revisions of "Shadow"

Revision as of 23:59, 5 January 2007

Introduction to Shadow

Shadow was indeed installed in CLFS and there is no reason to reinstall it unless you installed CrackLib or Linux-PAM after your CLFS system was completed. If you have installed CrackLib after CLFS, then reinstalling Shadow will enable strong password support. If you have installed Linux-PAM, reinstalling Shadow will allow programs such as login and su to utilize PAM.

Dependencies

Optional

Additional Configuration Options

--without-libpam: If you have not installed PAM Library, then use this flag instead of the with-libpam in the instructions below.

--with-libcrack: If you have not installed Cracklib, then remove this flag from the instructions below.

Non-Multilib

Configure and compile the package:

patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
./configure --libdir=/lib -sysconfdir=/etc --enable-shared \
  --without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile && 
sed -i '/groups/d' man/Makefile &&
make

Install the package:

make install &&
mv /usr/bin/passwd /bin &&
mv /lib/libshadow.{a,la} /usr/lib &&
rm /lib/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib/$LIBNAME /usr/lib/libshadow.so &&
install -d /etc/default

Setup Configuration files:

This section makes sure login.defs is compatible with PAM

cp etc/login.defs /etc/login.defs 
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
       -e 's@/var/spool/mail@/var/mail@' \
       -e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs
FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
           NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
           ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
           MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
           CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
     sed -i "s/^$function/# &/" /etc/login.defs
done

/etc/default/useradd

With the PAM configuration that is in CBLFS, this is the only information needed in /etc/default/useradd.

cat > /etc/default/useradd << "EOF"
HOME=/home
INACTIVE=-1
SHELL=/bin/bash
CREATE_MAIL_SPOOL=no
EOF

Multilib

32Bit

Configure and compile the package:

patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILD32}" ./configure --libdir=/lib -sysconfdir=/etc --enable-shared \
  --without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile && 
sed -i '/groups/d' man/Makefile &&
make

Install the package:

make install &&
mv /usr/bin/passwd /bin &&
mv /lib/libshadow.{a,la} /usr/lib &&
rm /lib/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib/$LIBNAME /usr/lib/libshadow.so

N32

Configure and compile the package:

patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILDN32}" ./configure --libdir=/lib32 -sysconfdir=/etc --enable-shared \
  --without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile && 
sed -i '/groups/d' man/Makefile &&
make

Install the package:

make install &&
mv /usr/bin/passwd /bin &&
mv /lib32/libshadow.{a,la} /usr/lib32 &&
rm /lib32/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib32/$LIBNAME /usr/lib32/libshadow.so

64Bit

patch -Np1 -i ../shadow-4.0.18.1-useradd_fix-1.patch &&
CC="gcc ${BUILD64}" ./configure --libdir=/lib64 -sysconfdir=/etc --enable-shared \
  --without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile && 
sed -i '/groups/d' man/Makefile &&
make

Install the package:

make install &&
mv /usr/bin/passwd /bin &&
mv /lib64/libshadow.{a,la} /usr/lib64 &&
rm /lib64/libshadow.so &&
LIBNAME=`cat lib/libshadow.la | grep library_names | cut -f2 -d"'" | cut -f2 -d" "` &&
ln -sf ../../lib64/$LIBNAME /usr/lib64/libshadow.so
install -d /etc/default

Setup Configuration files:

cp etc/login.defs /etc/login.defs 
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
       -e 's@/var/spool/mail@/var/mail@' \
       -e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs
FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
           NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
           ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
           MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
           CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
     sed -i "s/^$function/# &/" /etc/login.defs
done

/etc/default/useradd

With the PAM configuration that is in CBLFS, this is the only information needed in /etc/default/useradd.

cat > /etc/default/useradd << "EOF"
HOME=/home
INACTIVE=-1
SHELL=/bin/bash
CREATE_MAIL_SPOOL=no
EOF

Installed Programs:	login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw
Installed Libraries:	libshadow.{so,la,a}
Installed Directories:	/etc/pam.d

Short Descriptions

expiry	Checks and enforces the current password expiration policy
faillog	Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count
gpasswd	Is used to add and delete members and administrators to groups
groupadd	Creates a group with the given name
groupdel	Deletes the group with the given name
groupmod	Is used to modify the given group's name or GID
grpck	Verifies the integrity of the group files /etc/group and /etc/gshadow
grpconv	Creates or updates the shadow group file from the normal group file
grpunconv	Updates /etc/group from /etc/gshadow and then deletes the latter
lastlog	Reports the most recent login of all users or of a given user
login	Is used by the system to let users sign on
logoutd	Is a daemon used to enforce restrictions on log-on time and ports
newgrp	Is used to change the current GID during a login session
newusers	Is used to create or update an entire series of user accounts
nologin	Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled
passwd	Is used to change the password for a user or group account
pwck	Verifies the integrity of the password files /etc/passwd and /etc/shadow
pwconv	Creates or updates the shadow password file from the normal password file
pwunconv	Updates /etc/passwd from /etc/shadow and then deletes the latter
sg	Executes a given command while the user's GID is set to that of the given group
su	Runs a shell with substitute user and group IDs
useradd	Creates a new user with the given name, or updates the default new-user information
userdel	Deletes the given user account
usermod	Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc.
vigr	Edits the /etc/group or /etc/gshadow files
vipw	Edits the /etc/passwd or /etc/shadow files
libshadow.{so,la,a}	Contains functions used by most programs in this package

@@ Line 18: / Line 18: @@
 *[[Cracklib]]
 *[[PAM Library]]
+== Additional Configuration Options ==
+''--without-libpam'': If you have not installed [[PAM Library]], then use this flag instead of the ''with-libpam'' in the instructions below.
+''--with-libcrack'': If you have not installed [[Cracklib]], then remove this flag from the instructions below.
 == Non-Multilib ==
@@ Line 161: / Line 167: @@
 {| style="text-align: left;"
 |-valign="top"
-! '''Installed Programs:'''
+! Installed Programs:
 |login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw
 |-valign="top"
-! '''Installed Libraries:'''
+! Installed Libraries:
 | libshadow.{so,la,a}
 |-valign="top"
-! '''Installed Directories:'''
+! Installed Directories:
 | /etc/pam.d
 |}
@@ Line 175: / Line 181: @@
 {| style="text-align: left;"
 |-valign="top"
-! '''expiry'''
+! expiry
 | Checks and enforces the current password expiration policy
 |-valign="top"
-! '''faillog'''
+! faillog
 | Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count
 |-valign="top"
-! '''gpasswd'''
+! gpasswd
 | Is used to add and delete members and administrators to groups
 |-valign="top"
-! '''groupadd'''
+! groupadd
 | Creates a group with the given name
 |-valign="top"
-! '''groupdel'''
+! groupdel
 | Deletes the group with the given name
 |-valign="top"
-! '''groupmod'''
+! groupmod
 | Is used to modify the given group's name or GID
 |-valign="top"
-! '''grpck'''
+! grpck
 | Verifies the integrity of the group files /etc/group and /etc/gshadow
 |-valign="top"
-! '''grpconv'''
+! grpconv
 | Creates or updates the shadow group file from the normal group file
 |-valign="top"
-! '''grpunconv'''
+! grpunconv
 | Updates /etc/group from /etc/gshadow and then deletes the latter
 |-valign="top"
-! '''lastlog'''
+! lastlog
 | Reports the most recent login of all users or of a given user
 |-valign="top"
-! '''login'''
+! login
 | Is used by the system to let users sign on
 |-valign="top"
-! '''logoutd'''
+! logoutd
 | Is a daemon used to enforce restrictions on log-on time and ports
 |-valign="top"
-! '''newgrp'''
+! newgrp
 | Is used to change the current GID during a login session
 |-valign="top"
-! '''newusers'''
+! newusers
 | Is used to create or update an entire series of user accounts
 |-valign="top"
-! '''nologin'''
+! nologin
 | Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled
 |-valign="top"
-! '''passwd'''
+! passwd
 | Is used to change the password for a user or group account
 |-valign="top"
-! '''pwck'''
+! pwck
 | Verifies the integrity of the password files /etc/passwd and /etc/shadow
 |-valign="top"
-! '''pwconv'''
+! pwconv
 | Creates or updates the shadow password file from the normal password file
 |-valign="top"
-! '''pwunconv'''
+! pwunconv
 | Updates /etc/passwd from /etc/shadow and then deletes the latter
 |-valign="top"
-! '''sg'''
+! sg
 | Executes a given command while the user's GID is set to that of the given group
 |-valign="top"
-! '''su'''
+! su
 | Runs a shell with substitute user and group IDs
 |-valign="top"
-! '''useradd'''
+! useradd
 | Creates a new user with the given name, or updates the default new-user information
 |-valign="top"
-! '''userdel'''
+! userdel
 | Deletes the given user account
 |-valign="top"
-! '''usermod'''
+! usermod
 | Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc.
 |-valign="top"
-! '''vigr'''
+! vigr
 | Edits the /etc/group or /etc/gshadow files
 |-valign="top"
-! '''vipw'''
+! vipw
 | Edits the /etc/passwd or /etc/shadow files
 |-valign="top"
-! '''libshadow.{so,la,a}'''
+! libshadow.{so,la,a}
 | Contains functions used by most programs in this package
 |}

Download Source:	ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.18.1.tar.bz2
Download Patch:	http://svn.cross-lfs.org/svn/repos/cross-lfs/trunk/patches/shadow-4.0.18.1-useradd_fix-1.patch

Difference between revisions of "Shadow"

Revision as of 23:59, 5 January 2007

Contents

Introduction to Shadow

Dependencies

Optional

Additional Configuration Options

Non-Multilib

/etc/default/useradd

Multilib

32Bit

N32

64Bit

/etc/default/useradd

Contents

Short Descriptions

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools