source: chapter06/shadowpwd-inst.xml@ 0e1c091

<sect2><title>&nbsp;</title><para>&nbsp;</para></sect2>

<sect2>
<title>Installation of Shadow Password Suite</title>

<para>Before you install this package, you may want to have a look at
the Shadow hint. It discusses how you can make your system more secure
regarding passwords, such as how to enable the more secure MD5 passwords
and how to get the most out of this Shadow package. The Shadow hint can
be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>

<para>Programs like login, shutdown, uptime, and others want to read
from and to the /var/run/utmp, /var/log/btmp and /var/log/wtmp. These
files contain information about who is currently logged in. They also
contain information about when the conmputer was last booted and
shutdown and a record of bas login attempts.</para>

<para>Create these files with their proper permissions by running the
following commands:</para>

<para><screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp} &amp;&amp;
chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp)</userinput></screen></para>

<para>Prepare Shadow to be compiled:</para>

<para><screen><userinput>./configure --prefix=/usr --libdir=/usr/lib \
&nbsp;&nbsp;&nbsp;&nbsp;--enable-shared</userinput></screen></para>

<para>Continue with compiling the package:</para>

<para><screen><userinput>make</userinput></screen></para>

<para>Install the package:</para>

<para><screen><userinput>make install</userinput></screen></para>

<para>Shadow uses two files to configure authentication settings for
the system. Install those config files:</para>

<para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>

<para><filename class="directory">/var/spool/mail</filename> is the
old location of the user mailboxes. The location that is used nowadays
is /var/mail. Issue the following command to modify the mailbox
location:</para>

<para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
&nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen></para>

<para>According to the manpage of <userinput>vipw</userinput>,
a <userinput>vigr</userinput> symlink should exist. Because the
shadow installation procedure doesn't create this symlink, it
must be created manually:</para>

<para><screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen></para>

<para>The <filename>vipw</filename> link is currently pointing
to a non-existing file. Since this file isn't needed here, remove
it:</para>

<para><screen><userinput>rm /bin/vipw</userinput></screen></para>

<para>Move the <userinput>sg</userinput> program to the
<filename class="directory">/usr/bin</filename> directory:</para>

<para><screen><userinput>mv /bin/sg /usr/bin</userinput></screen></para>

<para>Move Shadow's dynamic libraries to a more appropriate location:</para>

<para><screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen></para>

<para>The libraries have been moved, but some packages expect to
find them in them in the
<filename class="directory">/usr/lib</filename> directory. To account
for this, create the following symlinks:</para>

<para><screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so &amp;&amp;
ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen></para>

<para>Sh-utils and Shadow Password Suite each install a unique
<filename>groups</filename> program. If you wish, you may remove the
<filename>groups</filename> program installed by the Shadow Password
Suite:</para>

<para><screen><userinput>rm /bin/groups</userinput></screen></para>

</sect2>