Changeset da84909

Timestamp:

12/27/2021 06:03:46 PM (2 years ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

8ddd8400

Parents:

0a0ad3a (diff), a17c33d (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'trunk' of git.linuxfromscratch.org:blfs into trunk

Files:

• general/sysutils/systemd.xml (modified) (3 diffs)
• packages.ent (modified) (1 diff)
• postlfs/security/linux-pam.xml (modified) (1 diff)
• postlfs/security/security.xml (modified) (1 diff)
• postlfs/security/shadow.xml (modified) (4 diffs)
• postlfs/security/util-linux.xml (added)

general/sysutils/systemd.xml

@@ -395 +395 @@
 
       <para>
-        Listed below are the newly installed libraries and directories
+        Listed below are the newly installed programs
         along with short descriptions.
       </para>
@@ -401 +401 @@
     <segmentedlist>
       <segtitle>Installed Programs</segtitle>
-      <segtitle>Installed Libraries</segtitle>
-      <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
@@ -409 +407 @@
           homectl (if <xref linkend="cryptsetup"/> is installed)
           and userdbctl (optionally)
-        </seg>
-        <seg>
-          pam_systemd.so
-          (in <filename class="directory">/lib/security</filename>)
-        </seg>
-        <seg>
-          None
         </seg>
       </seglistitem>

packages.ent

@@ -40 +40 @@
 <!ENTITY sudo-version                 "1.9.8p2">
 <!ENTITY tripwire-version             "2.4.3.7">
+<!ENTITY util-linux-minor             "2.37">
+<!ENTITY util-linux-version           "&util-linux-minor;.2">
 <!ENTITY volume_key-version           "0.3.12">
 

postlfs/security/linux-pam.xml

@@ -450 +450 @@
         <para>
           You should now reinstall the <xref linkend="shadow"/>
-          <phrase revision="sysv">package.</phrase>
+          <phrase revision="sysv">package</phrase>
           <phrase revision="systemd"> and <xref linkend="systemd"/>
-          packages.</phrase>
+          packages</phrase>, and install <command>su</command> from
+          <xref linkend='util-linux'/>.
         </para>
       </important>

postlfs/security/security.xml

@@ -84 +84 @@
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="util-linux.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="volume_key.xml"/>

postlfs/security/shadow.xml

@@ -134 +134 @@
     -i etc/login.defs                                 &&
 
-./configure --sysconfdir=/etc --with-group-name-max-length=32 &&
+./configure --sysconfdir=/etc               \
+            --with-group-name-max-length=32 \
+            --without-su                    &&
 make</userinput></screen>
 
@@ -188 +190 @@
       <parameter>--with-group-name-max-length=32</parameter>: The maximum
       user name is 32 characters. Make the maximum group name the same.
+    </para>
+
+    <para>
+      <parameter>--without-su</parameter>: Don't reinstall
+      <command>su</command> because the upstream recommends to use the
+      <command>su</command> command from <xref linkend='util-linux'/>
+      when <application>Linux-PAM</application> is available.
     </para>
 
@@ -414 +423 @@
 
       <sect4>
-        <title>'su'</title>
-
-<screen role="root"><userinput>cat &gt; /etc/pam.d/su &lt;&lt; "EOF"
-<literal># Begin /etc/pam.d/su
-
-# always allow root
-auth      sufficient  pam_rootok.so
-
-# Allow users in the wheel group to execute su without a password
-# disabled by default
-#auth      sufficient  pam_wheel.so trust use_uid
-
-# include system auth settings
-auth      include     system-auth
-
-# limit su to users in the wheel group
-auth      required    pam_wheel.so use_uid
-
-# include system account settings
-account   include     system-account
-
-# Set default environment variables for the service user
-session   required    pam_env.so
-
-# include system session settings
-session   include     system-session
-
-# End /etc/pam.d/su</literal>
-EOF</userinput></screen>
-      </sect4>
-
-      <sect4>
         <title>'chage'</title>
 
@@ -483 +460 @@
             At this point, you should do a simple test to see if
             <application>Shadow</application> is working as expected. Open
-            another terminal and log in as a user, then <command>su</command> to
-            <systemitem class="username">root</systemitem>. If you do not see
-            any errors, then all is well and you should proceed with the rest of
-            the configuration. If you did receive errors, stop now and double
-            check the above configuration files manually. One obvious reason
-            for an error is if the user is not in group <systemitem
-            class="groupname">wheel</systemitem>. You may want to run (as
-            <systemitem class="username">root</systemitem>): <command>usermod
-            -a -G wheel <replaceable>&lt;user&gt;</replaceable></command>.
-            Any other error is the sign of an error in the above procedure.
+            another terminal and log in as
+            <systemitem class="username">root</systemitem>, and then run
+            <command>login</command> and login as another user.  If you do
+            not see any errors, then all is well and you should proceed with
+            the rest of the configuration. If you did receive errors, stop
+            now and double check the above configuration files manually.
+            Any error is the sign of an error in the above procedure.
             You can also run the
-            test suite from the <application>Linux-PAM</application> package to
-            assist you in determining the problem. If you cannot find and fix
-            the error, you should recompile <application>Shadow</application>
-            adding the <option>--without-libpam</option> switch to the
-            <command>configure</command> command in the above instructions (also
-            move the <filename>/etc/login.defs.orig</filename> backup file to
-            <filename>/etc/login.defs</filename>). If you fail to do this and
-            the errors remain, you will be unable to log into your system.
+            test suite from the <application>Linux-PAM</application> package
+            to assist you in determining the problem. If you cannot find and
+            fix the error, you should recompile
+            <application>Shadow</application> adding the
+            <option>--without-libpam</option> switch to the
+            <command>configure</command> command in the above instructions
+            (also move the <filename>/etc/login.defs.orig</filename> backup
+            file to <filename>/etc/login.defs</filename>). If you fail to do
+            this and the errors remain, you will be unable to log into your
+            system.
           </para>
         </warning>