source: postlfs/security/shadow.xml@ ef66b4c

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since ef66b4c was 9f12e36, checked in by Randy McMurchy <randy@…>, 18 years ago

Removed 'keywordset' blocks and extra spaces from the XML files (note this was by accident as I meant to do just in the gnome directory but I was in the root of BOOK when I ran the script, but this was going to happen anyway so I don't think it is a big deal)

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6192 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 21.4 KB
RevLine 
[b4b71892]1<?xml version="1.0" encoding="ISO-8859-1"?>
[ff769b8c]2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
[b4b71892]4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
[17fb537e]6
[31f3a57]7 <!ENTITY shadow-download-http "http://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2">
8 <!ENTITY shadow-download-ftp "ftp://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2">
[8f68b03]9 <!ENTITY shadow-md5sum "a0452fa989f8ba45023cc5a08136568e">
10 <!ENTITY shadow-size "1.2 MB">
11 <!ENTITY shadow-buildsize "15.5 MB">
[349b53dd]12 <!ENTITY shadow-time "0.3 SBU">
[b4b71892]13]>
14
[17fb537e]15<sect1 id="shadow" xreflabel="Shadow-&shadow-version;">
[322f172]16 <?dbhtml filename="shadow.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Shadow-&shadow-version;</title>
24
25 <indexterm zone="shadow">
26 <primary sortas="a-Shadow">Shadow</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Shadow</title>
31
32 <para><application>Shadow</application> was indeed installed in LFS and
33 there is no reason to reinstall it unless you installed
[c6bdcb0]34 <application>CrackLib</application> or
35 <application>Linux-PAM</application> after your LFS system was completed.
36 If you have installed <application>CrackLib</application> after LFS, then
37 reinstalling <application>Shadow</application> will enable strong password
38 support. If you have installed <application>Linux-PAM</application>,
39 reinstalling <application>Shadow</application> will allow programs such as
[d8684cbc]40 <command>login</command> and <command>su</command> to utilize PAM.</para>
[322f172]41
42 <bridgehead renderas="sect3">Package Information</bridgehead>
43 <itemizedlist spacing="compact">
44 <listitem>
45 <para>Download (HTTP): <ulink url="&shadow-download-http;"/></para>
46 </listitem>
47 <listitem>
48 <para>Download (FTP): <ulink url="&shadow-download-ftp;"/></para>
49 </listitem>
50 <listitem>
51 <para>Download MD5 sum: &shadow-md5sum;</para>
52 </listitem>
53 <listitem>
54 <para>Download size: &shadow-size;</para>
55 </listitem>
56 <listitem>
57 <para>Estimated disk space required: &shadow-buildsize;</para>
58 </listitem>
59 <listitem>
60 <para>Estimated build time: &shadow-time;</para>
61 </listitem>
62 </itemizedlist>
63
[8f68b03]64 <!--
[322f172]65 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
66 <itemizedlist spacing='compact'>
67 <listitem>
[d8684cbc]68 <para>Required patch: <ulink
69 url="&patch-root;/shadow-&shadow-version;-configure_fix-1.patch"/></para>
[322f172]70 </listitem>
71 </itemizedlist>
[8f68b03]72 -->
[322f172]73
74 <bridgehead renderas="sect3">Shadow Dependencies</bridgehead>
75
76 <bridgehead renderas="sect4">Required</bridgehead>
[c6bdcb0]77 <para role="required"><xref linkend="linux-pam"/> and/or
78 <xref linkend="cracklib"/></para>
[322f172]79
[3597eb6]80 <para condition="html" role="usernotes">User Notes:
81 <ulink url="&blfs-wiki;/shadow"/></para>
82
[322f172]83 </sect2>
84
85 <sect2 role="installation">
86 <title>Installation of Shadow</title>
87
[c6bdcb0]88 <important>
89 <para>The installation shown below is for a situation where
90 <application>Linux-PAM</application> has been installed (with or
91 without a <application>CrackLib</application> installation) and
92 <application>Shadow</application> is being reinstalled to support the
93 <application>Linux-PAM</application> installation. If you are
94 reinstalling <application>Shadow</application> to provide strong
95 password support via the <application>CrackLib</application> library
96 and you have not installed <application>Linux-PAM</application>, ensure
[8f68b03]97 you add the <parameter>--with-libcrack</parameter> parameter to the
98 <command>configure</command> script below.</para>
[c6bdcb0]99 </important>
100
[322f172]101 <para>Reinstall <application>Shadow</application> by running the following
102 commands:</para>
103
[8f68b03]104<screen><userinput>./configure --libdir=/lib \
105 --enable-shared \
106 --without-selinux &amp;&amp;
[4fcf20a5]107sed -i 's/groups$(EXEEXT) //' src/Makefile &amp;&amp;
[4d3f1239]108find man -name Makefile -exec sed -i '/groups/d' {} \; &amp;&amp;
[8f68b03]109sed -i -e 's/ ko//' \
110 -e 's/ zh_CN zh_TW//' \
111 man/Makefile &amp;&amp;
112
113for i in de es fi fr id it pt_BR; do
114 convert-mans UTF-8 ISO-8859-1 man/${i}/*.?
115done &amp;&amp;
116
117for i in cs hu pl; do
118 convert-mans UTF-8 ISO-8859-2 man/${i}/*.?
119done &amp;&amp;
120
121convert-mans UTF-8 EUC-JP man/ja/*.? &amp;&amp;
122convert-mans UTF-8 KOI8-R man/ru/*.? &amp;&amp;
123convert-mans UTF-8 ISO-8859-9 man/tr/*.? &amp;&amp;
124
[322f172]125make</userinput></screen>
[17fb537e]126
[31f3a57]127 <para>This package does not come with a test suite.</para>
128
[322f172]129 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
[17fb537e]130
[322f172]131<screen role="root"><userinput>make install &amp;&amp;
[4fcf20a5]132mv -v /usr/bin/passwd /bin &amp;&amp;
133mv -v /lib/libshadow.*a /usr/lib &amp;&amp;
134rm -v /lib/libshadow.so &amp;&amp;
[322f172]135ln -v -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen>
[b4b71892]136
[322f172]137 </sect2>
[b4b71892]138
[322f172]139 <sect2 role="commands">
140 <title>Command Explanations</title>
[b4b71892]141
[8f68b03]142 <!-- Removed the -with-libpam and -without-libcrack options from the
143 default as these are the defaults. Pam will automatically be picked
144 up if it is installed, and CrackLib won't be used unless specifically
145 requested via -with-libcrack
146 <para><parameter>-without-libcrack</parameter>: This switch tells
[322f172]147 <application>Shadow</application> not to use
148 <filename class='libraryfile'>libcrack</filename>. This is desired as
[d8684cbc]149 <application>Linux-PAM</application> will provide
150 <filename class='libraryfile'>libcrack</filename> functionality.</para>
[8f68b03]151 -->
152
153 <para><parameter>--without-selinux</parameter>: Support for selinux is
154 enabled by default, but selinux is not built in a base LFS system. The
155 <command>configure</command> script will fail if this option is not
156 used.</para>
157
158 <para><command>sed -i 's/groups$(EXEEXT) //' src/Makefile</command>: This
159 command is used to suppress the installation of the
160 <command>groups</command> program as the version from the
161 <application>Coreutils</application> package installed during LFS is
162 preferred.</para>
163
164 <para><command>find man -name Makefile -exec ... {} \;</command>: This
165 command is used to suppress the installation of the
166 <command>groups</command> man pages so the existing ones installed from
167 the <application>Coreutils</application> package are not replaced.</para>
168
169 <para><command>sed -i -e '...' -e '...' man/Makefile</command>: This
170 command disables the installation of Chinese and Korean manual pages, since
171 <application>Man-DB</application> cannot format them properly.</para>
172
173 <para><command>convert-mans ...</command>: These commands are used to
174 convert some of the man pages so that <application>Man-DB</application>
[98fa7cc0]175 will display them in the expected encodings.</para>
[8f68b03]176
177 <para><command>mv -v /usr/bin/passwd /bin</command>: The
178 <command>passwd</command> program may be needed during times when the
179 <filename class='directory'>/usr</filename> filesystem is not mounted so
180 it is moved into the root partition.</para>
181
182 <para><command>mv -v ...; rm -v ...; ln -v ...</command>: These commands
183 are used to move the <filename class='libraryfile'>libshadow</filename>
184 library to the root partition to support the moving of the
185 <command>passwd</command> program earlier.</para>
[39975e9]186
[322f172]187 </sect2>
[b4b71892]188
[322f172]189 <sect2 role="configuration">
190 <title>Configuring Linux-PAM to Work with Shadow</title>
[b4b71892]191
[8f68b03]192 <note>
193 <para>The rest of the page is devoted to configuring
194 <application>Shadow</application> to work properly with
195 <application>Linux-PAM</application>. If you do not have
196 <application>Linux-PAM</application> installed, and you reinstalled
197 <application>Shadow</application> to support strong passwords via
198 the <application>CrackLib</application> library, no further configuration
199 is required.</para>
200 </note>
201
[322f172]202 <sect3 id="pam.d">
203 <title>Config Files</title>
[b4b71892]204
[1ba671c]205 <para><filename>/etc/pam.d/*</filename> or alternatively
206 <filename>/etc/pam.conf, /etc/login.defs and
207 /etc/security/*</filename></para>
[b4b71892]208
[322f172]209 <indexterm zone="shadow pam.d">
210 <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
211 </indexterm>
[2197589]212
[322f172]213 <indexterm zone="shadow pam.d">
214 <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary>
215 </indexterm>
[4fcf20a5]216
[1ba671c]217 <indexterm zone="shadow pam.d">
218 <primary sortas="e-etc-login.defs">/etc/login.defs</primary>
219 </indexterm>
220
221 <indexterm zone="shadow pam.d">
222 <primary sortas="e-etc-security">/etc/security/*</primary>
223 </indexterm>
224
[322f172]225 </sect3>
226
227 <sect3>
228 <title>Configuration Information</title>
229
[8f68b03]230 <para>Configuring your system to use <application>Linux-PAM</application>
231 can be a complex task. The information below will provide a basic setup
232 so that <application>Shadow</application>'s login and password
233 functionality will work effectively with
234 <application>Linux-PAM</application>. Review the information and links on
235 the <xref linkend="linux-pam"/> page for further configuration
236 information. For information specific to integrating
237 <application>Shadow</application>, <application>Linux-PAM</application>
238 and <application>CrackLib</application>, you can visit the following
239 links:</para>
240
241 <itemizedlist spacing="compact">
242 <listitem>
243 <para><ulink
244 url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.3"/></para>
245 </listitem>
246 <listitem>
247 <para><ulink
248 url="http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html"/></para>
249 </listitem>
250 </itemizedlist>
251
[1ba671c]252 <sect4 id="pam-login-defs">
253 <title>Configuring /etc/login.defs</title>
254
255 <para>The <command>login</command> program currently performs many
256 functions which <application>Linux-PAM</application> modules should
257 now handle. The following <command>sed</command> command will comment
258 out the appropriate lines in <filename>/etc/login.defs</filename>, and
259 stop <command>login</command> from performing these functions (a backup
260 file named <filename>/etc/login.defs.orig</filename> is also created
[d8684cbc]261 to preserve the original file's contents). Issue the following commands
262 as the <systemitem class="username">root</systemitem> user:</para>
[1ba671c]263
264 <indexterm zone="shadow pam-login-defs">
265 <primary sortas="e-etc-login.defs">/etc/login.defs</primary>
266 </indexterm>
267
268<screen role="root"><userinput>install -v -m644 /etc/login.defs /etc/login.defs.orig &amp;&amp;
269for FUNCTION in LASTLOG_ENAB MAIL_CHECK_ENAB \
270 PORTTIME_CHECKS_ENAB CONSOLE \
271 MOTD_FILE NOLOGINS_FILE PASS_MIN_LEN \
272 SU_WHEEL_ONLY MD5_CRYPT_ENAB \
273 CONSOLE_GROUPS ENVIRON_FILE \
274 ULIMIT ENV_TZ ENV_HZ ENV_SUPATH \
275 ENV_PATH QMAIL_DIR MAIL_DIR MAIL_FILE \
[8f68b03]276 CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE \
277 OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \
278 PASS_CHANGE_TRIES PASS_ALWAYS_WARN
[1ba671c]279do
[d8684cbc]280 sed -i "s/^$FUNCTION/# &amp;/" /etc/login.defs
[1ba671c]281done</userinput></screen>
282
[8f68b03]283 <!-- Moved the commenting of these four parameters into the section
284 above. If PAM is installed, it complains if these are not commented
285 regardless if CrackLib is installed.
286
[1ba671c]287 <para>If you have <application>CrackLib</application> installed,
[d8684cbc]288 also comment out four more lines using the following command as the
289 <systemitem class="username">root</systemitem> user:</para>
[1ba671c]290
291<screen role="root"><userinput>for FUNCTION in OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \
292 PASS_CHANGE_TRIES PASS_ALWAYS_WARN
293do
[d8684cbc]294 sed -i "s/^$FUNCTION/# &amp;/" /etc/login.defs
[1ba671c]295done</userinput></screen>
296
[8f68b03]297 -->
298
[1ba671c]299 </sect4>
300
301 <sect4>
302 <title>Configuring the /etc/pam.d/ Files</title>
303
304 <para>Add the following <application>Linux-PAM</application> configuration
305 files to <filename class="directory">/etc/pam.d/</filename> (or add them
306 to <filename>/etc/pam.conf</filename> with the additional field for
[d8684cbc]307 the program). Issue the commands as the
308 <systemitem class="username">root</systemitem> user:</para>
[1ba671c]309
310 </sect4>
[322f172]311
312 <sect4>
[974951c]313 <title>'login' (with CrackLib)</title>
[322f172]314
315<screen role="root"><userinput>cat &gt; /etc/pam.d/login &lt;&lt; "EOF"
316<literal># Begin /etc/pam.d/login
[4fcf20a5]317
318auth requisite pam_securetty.so
319auth requisite pam_nologin.so
320auth required pam_unix.so
321account required pam_access.so
322account required pam_unix.so
[7fb0e285]323session required pam_env.so
[4fcf20a5]324session required pam_motd.so
325session required pam_limits.so
326session optional pam_mail.so dir=/var/mail standard
327session optional pam_lastlog.so
328session required pam_unix.so
329password required pam_cracklib.so retry=3 difok=8 minlen=5 \
330 dcredit=3 ocredit=3 \
331 ucredit=2 lcredit=2
332password required pam_unix.so md5 shadow use_authtok
333
[322f172]334# End /etc/pam.d/login</literal>
335EOF</userinput></screen>
336
337 </sect4>
[4fcf20a5]338
[322f172]339 <sect4>
[974951c]340 <title>'login' (without CrackLib)</title>
[4fcf20a5]341
[322f172]342<screen role="root"><userinput>cat &gt; /etc/pam.d/login &lt;&lt; "EOF"
343<literal># Begin /etc/pam.d/login
[b4b71892]344
345auth requisite pam_securetty.so
346auth requisite pam_nologin.so
347auth required pam_env.so
348auth required pam_unix.so
349account required pam_access.so
350account required pam_unix.so
351session required pam_motd.so
352session required pam_limits.so
[4fcf20a5]353session optional pam_mail.so dir=/var/mail standard
[b4b71892]354session optional pam_lastlog.so
355session required pam_unix.so
[4fcf20a5]356password required pam_unix.so md5 shadow
[b4b71892]357
[322f172]358# End /etc/pam.d/login</literal>
359EOF</userinput></screen>
[4fcf20a5]360
[322f172]361 </sect4>
[4fcf20a5]362
[322f172]363 <sect4>
[974951c]364 <title>'passwd' (with CrackLib)</title>
[322f172]365
366<screen role="root"><userinput>cat &gt; /etc/pam.d/passwd &lt;&lt; "EOF"
367<literal># Begin /etc/pam.d/passwd
[b4b71892]368
[4fcf20a5]369password required pam_cracklib.so retry=3 difok=8 minlen=5 \
370 dcredit=3 ocredit=3 \
371 ucredit=2 lcredit=2
372password required pam_unix.so md5 shadow use_authtok
[b4b71892]373
[322f172]374# End /etc/pam.d/passwd</literal>
375EOF</userinput></screen>
376
377 </sect4>
[b4b71892]378
[322f172]379 <sect4>
[974951c]380 <title>'passwd' (without CrackLib)</title>
[4fcf20a5]381
[322f172]382<screen role="root"><userinput>cat &gt; /etc/pam.d/passwd &lt;&lt; "EOF"
383<literal># Begin /etc/pam.d/passwd
[4fcf20a5]384
385password required pam_unix.so md5 shadow
[b4b71892]386
[322f172]387# End /etc/pam.d/passwd</literal>
388EOF</userinput></screen>
389
390 </sect4>
[4fcf20a5]391
[322f172]392 <sect4>
393 <title>'su'</title>
[4fcf20a5]394
[322f172]395<screen role="root"><userinput>cat &gt; /etc/pam.d/su &lt;&lt; "EOF"
396<literal># Begin /etc/pam.d/su
[b4b71892]397
398auth sufficient pam_rootok.so
399auth required pam_unix.so
400account required pam_unix.so
[4fcf20a5]401session optional pam_mail.so dir=/var/mail standard
[7fb0e285]402session required pam_env.so
[b4b71892]403session required pam_unix.so
404
[322f172]405# End /etc/pam.d/su</literal>
406EOF</userinput></screen>
[b4b71892]407
[322f172]408 </sect4>
[b4b71892]409
[322f172]410 <sect4>
411 <title>'chage'</title>
412
413<screen role="root"><userinput>cat &gt; /etc/pam.d/chage &lt;&lt; "EOF"
414<literal># Begin /etc/pam.d/chage
[b4b71892]415
416auth sufficient pam_rootok.so
417auth required pam_unix.so
418account required pam_unix.so
419session required pam_unix.so
420password required pam_permit.so
421
[322f172]422# End /etc/pam.d/chage</literal>
423EOF</userinput></screen>
424
425 </sect4>
[b4b71892]426
[322f172]427 <sect4>
428 <title>'chpasswd', 'newusers', 'groupadd', 'groupdel',
429 'groupmod', 'useradd', 'userdel', and 'usermod'</title>
[39975e9]430
[322f172]431<screen role="root"><userinput>for PROGRAM in chpasswd newusers groupadd groupdel \
[4fcf20a5]432 groupmod useradd userdel usermod
433do
[904f31e2]434 install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM
[d8684cbc]435 sed -i "s/chage/$PROGRAM/" /etc/pam.d/$PROGRAM
[322f172]436done</userinput></screen>
437
438 <warning>
439 <para>At this point, you should do a simple test to see if
440 <application>Shadow</application> is working as expected. Open
[1ba671c]441 another terminal and log in as a user, then <command>su</command> to
[974951c]442 <systemitem class="username">root</systemitem>. If you do not see any
443 errors, then all is well and you should proceed with the rest of the
[322f172]444 configuration. If you did receive errors, stop now and double check
[b65246b]445 the above configuration files manually. You can also run the test
446 suite from the <application>Linux-PAM</application> package to assist
447 you in determining the problem. If you cannot find and
[322f172]448 fix the error, you should recompile <application>Shadow</application>
449 replacing <option>--with-libpam</option> with
[1ba671c]450 <option>--without-libpam</option> in the above instructions (also move
451 the <filename>/etc/login.defs.orig</filename> backup file to
452 <filename>/etc/login.defs</filename>). If you
[322f172]453 fail to do this and the errors remain, you will be unable to log into
454 your system.</para>
455 </warning>
456
[349b53dd]457 </sect4>
458
459 <sect4>
460 <title>Other</title>
461
[322f172]462 <para>Currently, <filename>/etc/pam.d/other</filename> is configured
463 to allow anyone with an account on the machine to use PAM-aware
464 programs without a configuration file for that program. After testing
465 <application>Linux-PAM</application> for proper configuration, install
466 a more restrictive <filename>other</filename> file so that
467 program-specific configuration files are required:</para>
468
469<screen role="root"><userinput>cat &gt; /etc/pam.d/other &lt;&lt; "EOF"
470<literal># Begin /etc/pam.d/other
[b4b71892]471
472auth required pam_deny.so
473auth required pam_warn.so
474account required pam_deny.so
475session required pam_deny.so
476password required pam_deny.so
477password required pam_warn.so
478
[322f172]479# End /etc/pam.d/other</literal>
480EOF</userinput></screen>
[4fcf20a5]481
[b65246b]482 <para>If you preserved the source tree from the
483 <application>Linux-PAM</application> package (or you feel like unpacking
484 that tarball, then running <command>configure</command> and
485 <command>make</command>), now would be a good time to run the test
486 suite from this package. This test suite will use the configuration you
487 just finished during the tests. All the tests should pass.</para>
488
[322f172]489 </sect4>
[4fcf20a5]490
[322f172]491 <sect4 id="pam-access">
492 <title>Configuring Login Access</title>
[4fcf20a5]493
[322f172]494 <para>Instead of using the <filename>/etc/login.access</filename>
495 file for controlling access to the system,
496 <application>Linux-PAM</application> uses the
497 <filename class='libraryfile'>pam_access.so</filename> module along
498 with the <filename>/etc/security/access.conf</filename> file. Rename
499 the <filename>/etc/login.access</filename> file using the following
500 command:</para>
501
502 <indexterm zone="shadow pam-access">
503 <primary sortas="e-etc-security-access.conf">/etc/security/access.conf</primary>
504 </indexterm>
505
506<screen role="root"><userinput>if [ -f /etc/login.access ]; then
[4fcf20a5]507 mv -v /etc/login.access /etc/login.access.NOUSE
[322f172]508fi</userinput></screen>
509
510 </sect4>
511
512 <sect4 id="pam-limits">
513 <title>Configuring Resource Limits</title>
514
515 <para>Instead of using the <filename>/etc/limits</filename> file
516 for limiting usage of system resources,
517 <application>Linux-PAM</application> uses the
518 <filename class='libraryfile'>pam_limits.so</filename> module along
519 with the <filename>/etc/security/limits.conf</filename> file. Rename
520 the <filename>/etc/limits</filename> file using the following
521 command:</para>
522
523 <indexterm zone="shadow pam-limits">
524 <primary sortas="e-etc-security-limits.conf">/etc/security/limits.conf</primary>
525 </indexterm>
526
527<screen role="root"><userinput>if [ -f /etc/limits ]; then
[4fcf20a5]528 mv -v /etc/limits /etc/limits.NOUSE
[322f172]529fi</userinput></screen>
530
531 </sect4>
[4fcf20a5]532
[7fb0e285]533 <sect4 id="pam-env">
534 <title>Configuring Default Environment</title>
535
[bccbdaea]536 <para>During previous configuration, several items were removed from
[7fb0e285]537 <filename>/etc/login.defs</filename>. Some of these items are now
[bccbdaea]538 controlled by the <filename class='libraryfile'>pam_env.so</filename>
539 module and the <filename>/etc/security/pam_env.conf</filename>
540 configuration file. In particular, the default path has been
541 changed. To recover your default path, execute the following
[7fb0e285]542 commands:</para>
543
[d8684cbc]544<screen role="root"><userinput>ENV_PATH=`grep '^ENV_PATH' /etc/login.defs.orig | \
[7fb0e285]545 awk '{ print $2 }' | sed 's/PATH=//'` &amp;&amp;
[d8684cbc]546echo 'PATH DEFAULT='`echo "${ENV_PATH}"`\
547' OVERRIDE=${PATH}' \
[7fb0e285]548 >> /etc/security/pam_env.conf &amp;&amp;
[d8684cbc]549unset ENV_PATH</userinput></screen>
[7fb0e285]550
[d8684cbc]551 <note>
[bccbdaea]552 <para>ENV_SUPATH is no longer supported. You must create
553 a valid <filename>/root/.bashrc</filename> file to provide a
[d8684cbc]554 modified path for the super-user.</para>
555 </note>
[7fb0e285]556
557 </sect4>
558
[322f172]559 </sect3>
[b4b71892]560
[322f172]561 </sect2>
[f45b1953]562
[322f172]563 <sect2 role="content">
564 <title>Contents</title>
[17fb537e]565
[322f172]566 <para>A list of the installed files, along with their short descriptions
567 can be found at
568 <ulink url="&lfs-root;/chapter06/shadow.html#contents-shadow"/>.</para>
[17fb537e]569
[322f172]570 </sect2>
[17fb537e]571
[f45b1953]572</sect1>
Note: See TracBrowser for help on using the repository browser.