Changeset cacd76ad

Timestamp:

12/27/2021 12:43:22 PM (2 years ago)

Author:

Xi Ruoyao <xry111@…>

Branches:

11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

e2453ed5

Parents:

281a21f

Message:

shadow: stop building su

File:

• postlfs/security/shadow.xml (modified) (4 diffs)

postlfs/security/shadow.xml

@@ -134 +134 @@
     -i etc/login.defs                                 &&
 
-./configure --sysconfdir=/etc --with-group-name-max-length=32 &&
+./configure --sysconfdir=/etc               \
+            --with-group-name-max-length=32 \
+            --without-su                    &&
 make</userinput></screen>
 
@@ -188 +190 @@
       <parameter>--with-group-name-max-length=32</parameter>: The maximum
       user name is 32 characters. Make the maximum group name the same.
+    </para>
+
+    <para>
+      <parameter>--without-su</parameter>: Don't reinstall
+      <command>su</command> because the upstream recommends to use the
+      <command>su</command> command from <xref linkend='util-linux'/>
+      when <application>Linux-PAM</application> is available.
     </para>
 
@@ -414 +423 @@
 
       <sect4>
-        <title>'su'</title>
-
-<screen role="root"><userinput>cat &gt; /etc/pam.d/su &lt;&lt; "EOF"
-<literal># Begin /etc/pam.d/su
-
-# always allow root
-auth      sufficient  pam_rootok.so
-
-# Allow users in the wheel group to execute su without a password
-# disabled by default
-#auth      sufficient  pam_wheel.so trust use_uid
-
-# include system auth settings
-auth      include     system-auth
-
-# limit su to users in the wheel group
-auth      required    pam_wheel.so use_uid
-
-# include system account settings
-account   include     system-account
-
-# Set default environment variables for the service user
-session   required    pam_env.so
-
-# include system session settings
-session   include     system-session
-
-# End /etc/pam.d/su</literal>
-EOF</userinput></screen>
-      </sect4>
-
-      <sect4>
         <title>'chage'</title>
 
@@ -483 +460 @@
             At this point, you should do a simple test to see if
             <application>Shadow</application> is working as expected. Open
-            another terminal and log in as a user, then <command>su</command> to
-            <systemitem class="username">root</systemitem>. If you do not see
-            any errors, then all is well and you should proceed with the rest of
-            the configuration. If you did receive errors, stop now and double
-            check the above configuration files manually. One obvious reason
-            for an error is if the user is not in group <systemitem
-            class="groupname">wheel</systemitem>. You may want to run (as
-            <systemitem class="username">root</systemitem>): <command>usermod
-            -a -G wheel <replaceable>&lt;user&gt;</replaceable></command>.
-            Any other error is the sign of an error in the above procedure.
+            another terminal and log in as
+            <systemitem class="username">root</systemitem>, and then run
+            <command>login</command> and login as another user.  If you do
+            not see any errors, then all is well and you should proceed with
+            the rest of the configuration. If you did receive errors, stop
+            now and double check the above configuration files manually.
+            Any error is the sign of an error in the above procedure.
             You can also run the
-            test suite from the <application>Linux-PAM</application> package to
-            assist you in determining the problem. If you cannot find and fix
-            the error, you should recompile <application>Shadow</application>
-            adding the <option>--without-libpam</option> switch to the
-            <command>configure</command> command in the above instructions (also
-            move the <filename>/etc/login.defs.orig</filename> backup file to
-            <filename>/etc/login.defs</filename>). If you fail to do this and
-            the errors remain, you will be unable to log into your system.
+            test suite from the <application>Linux-PAM</application> package
+            to assist you in determining the problem. If you cannot find and
+            fix the error, you should recompile
+            <application>Shadow</application> adding the
+            <option>--without-libpam</option> switch to the
+            <command>configure</command> command in the above instructions
+            (also move the <filename>/etc/login.defs.orig</filename> backup
+            file to <filename>/etc/login.defs</filename>). If you fail to do
+            this and the errors remain, you will be unable to log into your
+            system.
           </para>
         </warning>