source: chapter06/shadowpwd-inst.xml@ 0bb2989

<sect2><title>&nbsp;</title><para>&nbsp;</para></sect2>

<sect2>
<title>Installation of Shadow Password Suite</title>

<para>Before you install this package, you may want to have a look at
the Shadow hint. It discusses how you can make your system more secure
regarding passwords, such as how to enable the more secure MD5 passwords
and how to get the most out of this Shadow package. The Shadow hint can
be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>

<para>The <userinput>login</userinput>, <userinput>getty</userinput> and
<userinput>init</userinput> programs (and some others) maintain a number
of logfiles to record who are and who were logged in to the system.  These
programs, however, don't create these logfiles when they don't exist, so if
you want this logging to occur you will have to create the files yourself.
To let the Shadow package (that is installed next) detect these files in their
proper place, create them now, with their proper permissions:</para>

<para>Create these files with their proper permissions by running the
following commands:</para>

<para><screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen></para>

<para>The <filename>/var/run/utmp</filename> file lists the users that are
currently logged in, the <filename>/var/log/wtmp</filename> file who
<emphasis>were</emphasis> logged in and when.
The <filename>/var/log/lastlog</filename> file shows for each user when he
or she last logged in, and the <filename>/var/log/btmp</filename> lists the
bad login attempts.</para>

<para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary
within the binary itself, but does this the wrong way. If before installing
Shadow no <userinput>passwd</userinput> binary is present , the package wrongly
assumes it is going to be located at <filename>/bin/passwd</filename>,
but then installs it in <filename>/usr/bin/passwd</filename>. This will lead
to weird errors about not finding <filename>/bin/passwd</filename>. To work
around this bug, create a dummy <filename>passwd</filename> file,
so that it gets hard-wired properly:</para>

<para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para>

<para>The current shadow suite has a problem in the newgrp command which causes
it to fail.  The following patch (also appearing in Shadow's CVS code) fixes
this problem.</para>

<para><screen><userinput>patch -Np1 -i ../shadow-&shadow-patch-version;.patch
</userinput></screen></para>

<para>Now prepare Shadow for compilation:</para>

<para><screen><userinput>./configure --prefix=/usr --libdir=/usr/lib --enable-shared</userinput></screen></para>

<para>Compile the package:</para>

<para><screen><userinput>make</userinput></screen></para>

<para>And install it:</para>

<para><screen><userinput>make install</userinput></screen></para>

<para>Shadow uses two files to configure authentication settings for the
system. Install these two config files:</para>

<para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>

<para>In the old days <filename class="directory">/var/spool/mail</filename>
was the location for the user mailboxes, but nowadays <filename
class="directory">/var/mail</filename> is used. Change the default mailbox
location in the relevant configuration file while copying it to its
destination:</para>

<para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
&nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen></para>

<para>According to the man page of <userinput>vipw</userinput>, a
<userinput>vigr</userinput> program should exist too. Since the installation
procedure doesn't create this program, create a symlink manually:</para>

<para><screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen></para>

<para>As the <filename>/bin/vipw</filename> symlink is redundant (and even
pointing to a non-existent file), remove it:</para>

<para><screen><userinput>rm /bin/vipw</userinput></screen></para>

<para>Now move the <userinput>sg</userinput> program to its proper place:</para>

<para><screen><userinput>mv /bin/sg /usr/bin</userinput></screen></para>

<para>And move Shadow's dynamic libraries to a more appropriate location:</para>

<para><screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen></para>

<para>As some packages expect to find the just-moved libraries in
<filename>/usr/lib</filename>, create the following symlinks:</para>

<para><screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen></para>

<para>Coreutils has already installed a <userinput>groups</userinput> program
in <filename>/usr/bin</filename>. If you wish, you can remove the one
installed by Shadow:</para>

<para><screen><userinput>rm /bin/groups</userinput></screen></para>

</sect2>