| 1 | <sect2><title> </title><para> </para></sect2>
|
|---|
| 2 |
|
|---|
| 3 | <sect2>
|
|---|
| 4 | <title>Installation of Shadow Password Suite</title>
|
|---|
| 5 |
|
|---|
| 6 | <para>Before you install this package, you may want to have a look at
|
|---|
| 7 | the Shadow hint. It discusses how you can make your system more secure
|
|---|
| 8 | regarding passwords, such as how to enable the more secure MD5 passwords
|
|---|
| 9 | and how to get the most out of this Shadow package. The Shadow hint can
|
|---|
| 10 | be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>
|
|---|
| 11 |
|
|---|
| 12 | <para>Programs like login, shutdown, uptime, and others want to read
|
|---|
| 13 | from and to the /var/run/utmp, /var/log/btmp and /var/log/wtmp. These
|
|---|
| 14 | files contain information about who is currently logged in. They also
|
|---|
| 15 | contain information about when the conmputer was last booted and
|
|---|
| 16 | shutdown and a record of bas login attempts.</para>
|
|---|
| 17 |
|
|---|
| 18 | <para>Create these files with their proper permissions by running the
|
|---|
| 19 | following commands:</para>
|
|---|
| 20 |
|
|---|
| 21 | <para><screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
|
|---|
| 22 | chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen></para>
|
|---|
| 23 |
|
|---|
| 24 | <para>Shadow hard-codes the path to the passwd binary within itself, but
|
|---|
| 25 | it does it the wrong way. If no passwd binary is present before
|
|---|
| 26 | installing Shadow, it (wrongly) assumes that it will be at /bin/passwd,
|
|---|
| 27 | but then installs its own in /usr/bin/passwd. This will lead to strange
|
|---|
| 28 | errors about not finding /bin/passwd. To fix workaround this bug in
|
|---|
| 29 | Shadow, we'll create a dummy passwd file so that it gets hardcoded in
|
|---|
| 30 | the right place:</para>
|
|---|
| 31 |
|
|---|
| 32 | <para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para>
|
|---|
| 33 |
|
|---|
| 34 | <para>Prepare Shadow to be compiled:</para>
|
|---|
| 35 |
|
|---|
| 36 | <para><screen><userinput>./configure --prefix=/usr --libdir=/usr/lib \
|
|---|
| 37 | --enable-shared</userinput></screen></para>
|
|---|
| 38 |
|
|---|
| 39 | <para>Continue with compiling the package:</para>
|
|---|
| 40 |
|
|---|
| 41 | <para><screen><userinput>make</userinput></screen></para>
|
|---|
| 42 |
|
|---|
| 43 | <para>Install the package:</para>
|
|---|
| 44 |
|
|---|
| 45 | <para><screen><userinput>make install</userinput></screen></para>
|
|---|
| 46 |
|
|---|
| 47 | <para>Shadow uses two files to configure authentication settings for
|
|---|
| 48 | the system. Install those config files:</para>
|
|---|
| 49 |
|
|---|
| 50 | <para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>
|
|---|
| 51 |
|
|---|
| 52 | <para><filename class="directory">/var/spool/mail</filename> is the
|
|---|
| 53 | old location of the user mailboxes. The location that is used nowadays
|
|---|
| 54 | is /var/mail. Issue the following command to modify the mailbox
|
|---|
| 55 | location:</para>
|
|---|
| 56 |
|
|---|
| 57 | <para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
|
|---|
| 58 | etc/login.defs.linux > /etc/login.defs</userinput></screen></para>
|
|---|
| 59 |
|
|---|
| 60 | <para>According to the manpage of <userinput>vipw</userinput>,
|
|---|
| 61 | a <userinput>vigr</userinput> symlink should exist. Because the
|
|---|
| 62 | shadow installation procedure doesn't create this symlink, it
|
|---|
| 63 | must be created manually:</para>
|
|---|
| 64 |
|
|---|
| 65 | <para><screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen></para>
|
|---|
| 66 |
|
|---|
| 67 | <para>The <filename>vipw</filename> link is currently pointing
|
|---|
| 68 | to a non-existing file. Since this file isn't needed here, remove
|
|---|
| 69 | it:</para>
|
|---|
| 70 |
|
|---|
| 71 | <para><screen><userinput>rm /bin/vipw</userinput></screen></para>
|
|---|
| 72 |
|
|---|
| 73 | <para>Move the <userinput>sg</userinput> program to the
|
|---|
| 74 | <filename class="directory">/usr/bin</filename> directory:</para>
|
|---|
| 75 |
|
|---|
| 76 | <para><screen><userinput>mv /bin/sg /usr/bin</userinput></screen></para>
|
|---|
| 77 |
|
|---|
| 78 | <para>Move Shadow's dynamic libraries to a more appropriate location:</para>
|
|---|
| 79 |
|
|---|
| 80 | <para><screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen></para>
|
|---|
| 81 |
|
|---|
| 82 | <para>The libraries have been moved, but some packages expect to
|
|---|
| 83 | find them in them in the
|
|---|
| 84 | <filename class="directory">/usr/lib</filename> directory. To account
|
|---|
| 85 | for this, create the following symlinks:</para>
|
|---|
| 86 |
|
|---|
| 87 | <para><screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
|
|---|
| 88 | ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen></para>
|
|---|
| 89 |
|
|---|
| 90 | <para>Sh-utils and Shadow Password Suite each install a unique
|
|---|
| 91 | <filename>groups</filename> program. If you wish, you may remove the
|
|---|
| 92 | <filename>groups</filename> program installed by the Shadow Password
|
|---|
| 93 | Suite:</para>
|
|---|
| 94 |
|
|---|
| 95 | <para><screen><userinput>rm /bin/groups</userinput></screen></para>
|
|---|
| 96 |
|
|---|
| 97 | </sect2>
|
|---|
