Changeset 4f406ea for postlfs/security/shadow.xml
- Timestamp:
- 11/17/2022 07:58:32 AM (18 months ago)
- Branches:
- 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/llvm18, xry111/xf86-video-removal
- Children:
- 11c62aa
- Parents:
- 41f908a (diff), 84f972c1 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)
links above to see all the changes relative to each parent. - File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/shadow.xml
r41f908a r4f406ea 7 7 <!ENTITY shadow-download-http "https://github.com/shadow-maint/shadow/releases/download/&shadow-version;/shadow-&shadow-version;.tar.xz"> 8 8 <!ENTITY shadow-download-ftp " "> 9 <!ENTITY shadow-md5sum " 710bcc89c39683609aacfef9f08bd854">9 <!ENTITY shadow-md5sum "b1ab01b5462ddcf43588374d57bec123"> 10 10 <!ENTITY shadow-size "1.7 MB"> 11 <!ENTITY shadow-buildsize " 36MB">11 <!ENTITY shadow-buildsize "45 MB"> 12 12 <!ENTITY shadow-time "0.2 SBU"> 13 13 ]> … … 139 139 140 140 sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \ 141 -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\1000@' \ 141 142 -e 's@/var/spool/mail@/var/mail@' \ 142 143 -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \ … … 188 189 <para> 189 190 <command>sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' -e 190 's@/var/spool/mail@/var/mail@' -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' 191 -i etc/login.defs</command>: Instead of using 192 the default 'DES' method, this command modifies the installation to use 193 the more secure 'SHA512' method of hashing passwords, which also allows 194 passwords longer than eight characters. It also changes the obsolete 195 <filename class="directory">/var/spool/mail</filename> location for user 196 mailboxes that <application>Shadow</application> uses by default to the 197 <filename class="directory">/var/mail</filename> location. It also 198 changes the default path to be consistent with that set in LFS. 191 's@#SHA_CRYPT_..._ROUNDS 5000@&000@' -e 192 's@/var/spool/mail@/var/mail@' -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' 193 -i etc/login.defs</command>: Instead of using the default 'DES' 194 method, this command modifies the installation to use the more secure 195 'SHA512' method of hashing passwords, which also allows passwords 196 longer than eight characters. The number of rounds is also increased 197 to prevent brute force pasword attacks. The command also changes the 198 obsolete <filename class="directory">/var/spool/mail</filename> location 199 for user mailboxes that <application>Shadow</application> uses by 200 default to the <filename class="directory">/var/mail</filename> 201 location. It also changes the default path to be consistent with that 202 set in LFS. 199 203 </para> 200 204 <!-- … … 554 558 <primary sortas="e-etc-security-access.conf">/etc/security/access.conf</primary> 555 559 </indexterm> 556 557 <screen role="root"><userinput>[ -f /etc/login.access ] && mv -v /etc/login.access{,.NOUSE}</userinput></screen> 560 <!-- to editors: it is a common belief that: 561 if <condition>; then <command>; fi 562 is equivalent to: 563 <condition> && <command> 564 This is not true in bash; try: 565 ([ 0 = 1 ] && echo not reachable); echo $? # echoes 1 566 vs 567 (if [ 0 = 1 ]; then echo not reachable; fi); echo $? # echoes 0 568 So in scripts that may call subshells (for example through sudo) and 569 that need error reporting, the outcome _is_ different. In all 570 cases, for bash, the "if" form should be preferred.--> 571 <screen role="root"><userinput>if [ -f /etc/login.access ]; then mv -v /etc/login.access{,.NOUSE}; fi</userinput></screen> 558 572 </sect4> 559 573 … … 574 588 </indexterm> 575 589 576 <screen role="root"><userinput> [ -f /etc/limits ] && mv -v /etc/limits{,.NOUSE}</userinput></screen>590 <screen role="root"><userinput>if [ -f /etc/limits ]; then mv -v /etc/limits{,.NOUSE}; fi</userinput></screen> 577 591 578 592 <caution>
Note:
See TracChangeset
for help on using the changeset viewer.