Changeset e807ae1d for postlfs/security/shadow.xml

Timestamp:

07/03/2007 04:20:51 AM (17 years ago)

Author:

Randy McMurchy <randy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

a77e3524

Parents:

82811c5

Message:

Updated to Shadow-4.0.18.1, which is the version used in LFS. Also modified the /etc/pam.d/login files as suggested by Jonathan Oksman to strengthen the login security

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6829 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/shadow.xml (modified) (7 diffs)

postlfs/security/shadow.xml

@@ -5 +5 @@
   %general-entities;
 
-  <!ENTITY shadow-download-http "http://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2">
-  <!ENTITY shadow-download-ftp  "ftp://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2">
-  <!ENTITY shadow-md5sum        "bc5972a195290533b4c0576276056ed9">
-  <!ENTITY shadow-size          "1.4 MB">
-  <!ENTITY shadow-buildsize     "17 MB">
+  <!-- <!ENTITY shadow-download-http "http://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2"> -->
+  <!ENTITY shadow-download-http "http://cross-lfs.org/files/packages/svn/shadow-&shadow-version;.tar.bz2">
+  <!ENTITY shadow-download-ftp  "ftp://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2">
+  <!ENTITY shadow-md5sum        "e7751d46ecf219c07ae0b028ab3335c6">
+  <!ENTITY shadow-size          "1.5 MB">
+  <!ENTITY shadow-buildsize     "18 MB">
   <!ENTITY shadow-time          "0.3 SBU">
 ]>
@@ -62 +63 @@
     </itemizedlist>
 
-    <!--
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing='compact'>
       <listitem>
         <para>Required patch: <ulink
-        url="&patch-root;/shadow-&shadow-version;-configure_fix-1.patch"/></para>
+        url="&patch-root;/shadow-&shadow-version;-useradd_fix-2.patch"/></para>
       </listitem>
     </itemizedlist>
-    -->
 
     <bridgehead renderas="sect3">Shadow Dependencies</bridgehead>
@@ -102 +101 @@
     commands:</para>
 
-<screen><userinput>./configure --libdir=/lib \
+<screen><userinput>patch -Np1 -i ../shadow-&shadow-version;-useradd_fix-2.patch &amp;&amp;
+
+./configure --libdir=/lib \
             --sysconfdir=/etc \
             --enable-shared \
             --without-selinux &amp;&amp;
+
 sed -i 's/groups$(EXEEXT) //' src/Makefile &amp;&amp;
-find man -name Makefile -exec sed -i '/groups/d' {} \; &amp;&amp;
+find man -name Makefile -exec sed -i 's/groups\.1 / /' {} \; &amp;&amp;
 sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile &amp;&amp;
 
@@ -183 +185 @@
     library to the root partition to support the moving of the
     <command>passwd</command> program earlier.</para>
+
+  </sect2>
+
+  <sect2 role="configuration">
+    <title>Configuring Shadow</title>
+
+    <para><application>Shadow</application>'s stock configuration for the
+    <command>useradd</command> utility is not suitable for LFS systems. Use the
+    following commands as the <systemitem class="username">root</systemitem>
+    user to change the default home directory for new users and prevent the
+    creation of mail spool files:</para>
+
+<screen role="root"><userinput>useradd -D -b /home &amp;&amp;
+sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
 
   </sect2>
@@ -332 +348 @@
 <literal># Begin /etc/pam.d/login
 
-auth        requisite      pam_securetty.so
 auth        requisite      pam_nologin.so
+auth        required       pam_securetty.so
 auth        required       pam_unix.so
 account     required       pam_access.so
@@ -359 +375 @@
 <literal># Begin /etc/pam.d/login
 
-auth        requisite      pam_securetty.so
 auth        requisite      pam_nologin.so
+auth        required       pam_securetty.so
 auth        required       pam_env.so
 auth        required       pam_unix.so
@@ -442 +458 @@
 
       <sect4>
-        <title>'chpasswd', 'newusers', 'groupadd', 'groupdel',
-        'groupmod', 'useradd', 'userdel', and 'usermod'</title>
-
-<screen role="root"><userinput>for PROGRAM in chpasswd newusers groupadd groupdel \
-               groupmod useradd userdel usermod
+        <title>'chpasswd', 'chgpasswd', 'groupadd', 'groupdel', 'groupmems',
+        'groupmod', 'newusers', 'useradd', 'userdel', and 'usermod'</title>
+
+<screen role="root"><userinput>for PROGRAM in chpasswd chgpasswd groupadd groupdel groupmems \
+               groupmod newusers useradd userdel usermod
 do
     install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM