source: chapter06/shadowpwd-inst.xml@ f27835d

Last change on this file since f27835d was 21ba4e3, checked in by Greg Schafer <greg@…>, 21 years ago

Internal markup reworking to fix the extraneous whitespace problem in the "tidy generated" web site pages. Essentially replace all occurrences of <para><screen> with <screen> (and of course the matching closing tags).

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2958 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689

  • Property mode set to 100644
File size: 4.7 KB
<sect2><title>&nbsp;</title><para>&nbsp;</para></sect2>

<sect2>
<title>Installation of Shadow Password Suite</title>

<para>The <userinput>login</userinput>, <userinput>getty</userinput> and
<userinput>init</userinput> programs (and some others) maintain a number
of log files to record who is and who was logged in to the system. These
programs, however, do not create these log files if they do not exist, so if
you want this logging to occur you have to create the files yourself.
So that the Shadow package (installed next) detects these files in their
proper place, create them now.</para>

<para>Create these files with their proper permissions by running the
following commands:</para>

<screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen>

<para>The <filename>/var/run/utmp</filename> file lists the users that are
currently logged in, and the <filename>/var/log/wtmp</filename> file records who
<emphasis>were</emphasis> logged in and when.
The <filename>/var/log/lastlog</filename> file shows for each user when he
or she last logged in, and the <filename>/var/log/btmp</filename> file lists the
bad login attempts.</para>

<para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary
within the binary itself, but does this the wrong way. If a
<userinput>passwd</userinput> binary is not present before installing Shadow,
the package incorrectly assumes it is going to be located at
<filename>/bin/passwd</filename>, but then installs it in
<filename>/usr/bin/passwd</filename>. This will lead to errors about not finding
<filename>/bin/passwd</filename>. To work around this bug, create a dummy
<filename>passwd</filename> file, so that the path gets hard-wired properly:</para>

<screen><userinput>touch /usr/bin/passwd</userinput></screen>

<para>The current Shadow suite has a problem in the newgrp command which causes
it to fail. The following patch (also appearing in Shadow's CVS code) fixes
this problem:</para>

<screen><userinput>patch -Np1 -i ../&shadow-patch;</userinput></screen>

<para>Now prepare Shadow for compilation:</para>

<screen><userinput>./configure --prefix=/usr --libdir=/usr/lib --enable-shared</userinput></screen>

<para>Compile the package:</para>

<screen><userinput>make</userinput></screen>

<para>And install it:</para>

<screen><userinput>make install</userinput></screen>

<para>Shadow uses two files to configure authentication settings for the
system. Install these two config files:</para>

<screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen>

<para>We want to change the password method to enable MD5 passwords, which are
theoretically more secure than the default "crypt" method and also allow
password lengths greater than 8 characters. We also need to change the old
<filename class="directory">/var/spool/mail</filename> location for user
mailboxes to the current location at
<filename class="directory">/var/mail</filename>. We do this by changing the
relevant configuration file while copying it to its destination:</para>

<screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \
&nbsp;&nbsp;&nbsp;&nbsp;-e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
&nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen>

<note><para>Be extra careful when typing all of the above. It is probably safer
to cut-and-paste it rather than try to type it all in.</para></note>

<para>According to the man page of <userinput>vipw</userinput>, a
<userinput>vigr</userinput> program should exist too. Since the installation
procedure doesn't create this program, create a symlink manually:</para>

<screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen>

<para>As the <filename>/bin/vipw</filename> symlink is redundant (and even
points to a non-existent file), remove it:</para>

<screen><userinput>rm /bin/vipw</userinput></screen>

<para>Now move the <userinput>sg</userinput> program to its proper place:</para>

<screen><userinput>mv /bin/sg /usr/bin</userinput></screen>

<para>And move Shadow's dynamic libraries to a more appropriate location:</para>

<screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen>

<para>As some packages expect to find the just-moved libraries in
<filename>/usr/lib</filename>, create the following symlinks:</para>

<screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen>

<para>Coreutils has already installed a <userinput>groups</userinput> program
in <filename>/usr/bin</filename>. If you wish, you can remove the one
installed by Shadow:</para>

<screen><userinput>rm /bin/groups</userinput></screen>

</sect2>
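
An added example, not part of the LFS book or the Shadow package: a POSIX shell check for the two steps above that can fail silently, the log file modes and the `login.defs` edit. `sed` exits successfully even when a pattern matches nothing, so the check looks for an active `MD5_CRYPT_ENAB yes` line; the function names, the scratch root and the sample `login.defs` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the LFS book: confirm the log files and the
# login.defs edits described on this page actually took effect.

# check_logfiles ROOT: every accounting file exists under ROOT with mode 644.
check_logfiles() {
    rc=0
    for f in var/run/utmp var/log/btmp var/log/lastlog var/log/wtmp; do
        # POSIX find: prints the path only for a regular file with mode 644
        [ -n "$(find "$1/$f" -prune -type f -perm 644 2>/dev/null)" ] ||
            { echo "missing or wrong mode: /$f" >&2; rc=1; }
    done
    return $rc
}

# apply_login_defs_sed SRC DST: the page's sed command, paths parameterised.
apply_login_defs_sed() {
    sed -e 's%/var/spool/mail%/var/mail%' \
        -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' "$1" > "$2"
}

# check_login_defs FILE: an active "MD5_CRYPT_ENAB yes" line exists and no
# reference to the old mail spool remains.
check_login_defs() {
    rc=0
    grep -Eq '^MD5_CRYPT_ENAB[[:space:]]+yes[[:space:]]*$' "$1" ||
        { echo "MD5_CRYPT_ENAB not enabled in $1" >&2; rc=1; }
    if grep -q '/var/spool/mail' "$1"; then
        echo "old mail spool path still in $1" >&2; rc=1
    fi
    return $rc
}

# Demo on constructed input in a scratch root (assumption: not upstream's file).
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/run" "$root/var/log" "$root/etc"
    for f in var/run/utmp var/log/btmp var/log/lastlog var/log/wtmp; do
        : > "$root/$f"; chmod 644 "$root/$f"
    done
    printf '#MD5_CRYPT_ENAB\tno\nMAIL_DIR\t/var/spool/mail\n' > "$root/in"
    apply_login_defs_sed "$root/in" "$root/etc/login.defs"
    check_logfiles "$root" && check_login_defs "$root/etc/login.defs"
    status=$?
    rm -rf "$root"
    return $status
}
demo && echo "all checks passed"
```

To audit an installed system rather than the scratch root, call `check_logfiles /` and `check_login_defs /etc/login.defs`.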
108