source: chapter06/shadowpwd-inst.xml@ 791dec6

10.0 10.0-rc1 10.1 10.1-rc1 11.0 11.0-rc1 11.0-rc2 11.0-rc3 11.1 11.1-rc1 11.2 11.2-rc1 11.3 11.3-rc1 12.0 12.0-rc1 12.1 12.1-rc1 6.0 6.1 6.1.1 6.3 6.4 6.5 6.6 6.7 6.8 7.0 7.1 7.2 7.3 7.4 7.5 7.5-systemd 7.6 7.6-systemd 7.7 7.7-systemd 7.8 7.8-systemd 7.9 7.9-systemd 8.0 8.1 8.2 8.3 8.4 9.0 9.1 arm bdubbs/gcc13 ml-11.0 multilib renodr/libudev-from-systemd s6-init trunk v5_0 v5_1 v5_1_1 xry111/arm64 xry111/arm64-12.0 xry111/clfs-ng xry111/lfs-next xry111/loongarch xry111/loongarch-12.0 xry111/loongarch-12.1 xry111/mips64el xry111/pip3 xry111/rust-wip-20221008 xry111/update-glibc
Last change on this file since 791dec6 was 360e2c4, checked in by Alex Gronenwoud <alex@…>, 21 years ago

Adding some markup and doing miscellaneous shuffles.

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@3029 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
  • Property mode set to 100644
File size: 4.6 KB
Line 
1<sect2><title>&nbsp;</title><para>&nbsp;</para></sect2>
2
3<sect2>
4<title>Installation of Shadow</title>
5
6<para>The <userinput>login</userinput>, <userinput>getty</userinput> and
7<userinput>init</userinput> programs (and some others) maintain a number
8of logfiles to record who are and who were logged in to the system. These
9programs, however, don't create these logfiles when they don't exist, so if
10you want this logging to occur you will have to create the files yourself.
11The Shadow package needs to detect these files in their proper place, so we
12create them now, with their proper permissions:</para>
13
14<screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
15chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen>
16
17<para>The <filename>/var/run/utmp</filename> file lists the users that are
18currently logged in, the <filename>/var/log/wtmp</filename> file who
19<emphasis>were</emphasis> logged in and when.
20The <filename>/var/log/lastlog</filename> file shows for each user when he
21or she last logged in, and the <filename>/var/log/btmp</filename> lists the
22bad login attempts.</para>
23
24<para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary
25within the binary itself, but does this the wrong way. If a
26<userinput>passwd</userinput> binary is not present before installing Shadow,
27the package incorrectly assumes it is going to be located at
28<filename>/bin/passwd</filename>, but then installs it in
29<filename>/usr/bin/passwd</filename>. This will lead to errors about not finding
30<filename>/bin/passwd</filename>. To work around this bug, create a dummy
31<filename>passwd</filename> file, so that it gets hard-wired properly:</para>
32
33<screen><userinput>touch /usr/bin/passwd</userinput></screen>
34
35<para>The current Shadow suite has a problem that causes in the
36<userinput>newgrp</userinput> command to fail. The following patch (also
37appearing in Shadow's CVS code) fixes this problem:</para>
38
39<screen><userinput>patch -Np1 -i ../&shadow-patch;</userinput></screen>
40
41<para>Now prepare Shadow for compilation:</para>
42
43<screen><userinput>./configure --prefix=/usr --libdir=/usr/lib --enable-shared</userinput></screen>
44
45<para>Compile the package:</para>
46
47<screen><userinput>make</userinput></screen>
48
49<para>And install it:</para>
50
51<screen><userinput>make install</userinput></screen>
52
53<para>Shadow uses two files to configure authentication settings for the
54system. Install these two config files:</para>
55
56<screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen>
57
58<para>We want to change the password method to enable MD5 passwords which are
59theoretically more secure than the default "crypt" method and also allow
60password lengths greater than 8 characters. We also need to change the old
61<filename class="directory">/var/spool/mail</filename> location for user
62mailboxes to the current location at
63<filename class="directory">/var/mail</filename>. We do this by changing the
64relevant configuration file while copying it to its destination:</para>
65
66<screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \
67&nbsp;&nbsp;&nbsp;&nbsp;-e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
68&nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen>
69
70<note><para>Be extra careful when typing all of the above. It is probably safer
71to cut-and-paste it rather than try and type it all in.</para></note>
72
73<para>According to the man page of <userinput>vipw</userinput>, a
74<userinput>vigr</userinput> program should exist too. Since the installation
75procedure doesn't create this program, create a symlink manually:</para>
76
77<screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen>
78
79<para>As the <filename>/bin/vipw</filename> symlink is redundant (and even
80pointing to a non-existent file), remove it:</para>
81
82<screen><userinput>rm /bin/vipw</userinput></screen>
83
84<para>Now move the <userinput>sg</userinput> program to its proper place:</para>
85
86<screen><userinput>mv /bin/sg /usr/bin</userinput></screen>
87
88<para>And move Shadow's dynamic libraries to a more appropriate location:</para>
89
90<screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen>
91
92<para>As some packages expect to find the just-moved libraries in
93<filename>/usr/lib</filename>, create the following symlinks:</para>
94
95<screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
96ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen>
97
98<para>Coreutils has already installed a <userinput>groups</userinput> program
99in <filename>/usr/bin</filename>. If you wish, you can remove the one
100installed by Shadow:</para>
101
102<screen><userinput>rm /bin/groups</userinput></screen>
103
104</sect2>
105
Note: See TracBrowser for help on using the repository browser.