Changeset 73aedd1d for chapter06/shadowpwd.xml
- Timestamp:
- 11/01/2003 10:31:50 PM (21 years ago)
- Branches:
- 10.0, 10.0-rc1, 10.1, 10.1-rc1, 11.0, 11.0-rc1, 11.0-rc2, 11.0-rc3, 11.1, 11.1-rc1, 11.2, 11.2-rc1, 11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, 6.0, 6.1, 6.1.1, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.5-systemd, 7.6, 7.6-systemd, 7.7, 7.7-systemd, 7.8, 7.8-systemd, 7.9, 7.9-systemd, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, arm, bdubbs/gcc13, ml-11.0, multilib, renodr/libudev-from-systemd, s6-init, trunk, v5_0, v5_1, v5_1_1, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/lfs-next, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc
- Children:
- 49f4dd5
- Parents:
- 0b400add
- File:
-
- 1 edited
-
chapter06/shadowpwd.xml (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
chapter06/shadowpwd.xml
r0b400add r73aedd1d 8 8 &aa-shadowpwd-shortdesc; 9 9 &aa-shadowpwd-dep; 10 &c6-shadowpwd-inst; 11 &c6-cf-shadowpwd; 10 11 <sect2><title> </title><para> </para></sect2> 12 13 <sect2> 14 <title>Installation of Shadow</title> 15 16 <para>The <userinput>login</userinput>, <userinput>getty</userinput> and 17 <userinput>init</userinput> programs (and some others) maintain a number 18 of logfiles to record who are and who were logged in to the system. These 19 programs, however, don't create these logfiles when they don't exist, so if 20 you want this logging to occur you will have to create the files yourself. 21 The Shadow package needs to detect these files in their proper place, so we 22 create them now, with their proper permissions:</para> 23 24 <screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp} 25 chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen> 26 27 <para>The <filename>/var/run/utmp</filename> file lists the users that are 28 currently logged in, the <filename>/var/log/wtmp</filename> file who 29 <emphasis>were</emphasis> logged in and when. 30 The <filename>/var/log/lastlog</filename> file shows for each user when he 31 or she last logged in, and the <filename>/var/log/btmp</filename> lists the 32 bad login attempts.</para> 33 34 <para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary 35 within the binary itself, but does this the wrong way. If a 36 <userinput>passwd</userinput> binary is not present before installing Shadow, 37 the package incorrectly assumes it is going to be located at 38 <filename>/bin/passwd</filename>, but then installs it in 39 <filename>/usr/bin/passwd</filename>. This will lead to errors about not finding 40 <filename>/bin/passwd</filename>. To work around this bug, create a dummy 41 <filename>passwd</filename> file, so that it gets hard-wired properly:</para> 42 43 <screen><userinput>touch /usr/bin/passwd</userinput></screen> 44 45 <para>The current Shadow suite has a problem that causes the 46 <userinput>newgrp</userinput> command to fail. The following patch (also 47 appearing in Shadow's CVS code) fixes this problem:</para> 48 49 <screen><userinput>patch -Np1 -i ../&shadow-patch;</userinput></screen> 50 51 <para>Now prepare Shadow for compilation:</para> 52 53 <screen><userinput>./configure --prefix=/usr --libdir=/usr/lib --enable-shared</userinput></screen> 54 55 <para>Compile the package:</para> 56 57 <screen><userinput>make</userinput></screen> 58 59 <para>And install it:</para> 60 61 <screen><userinput>make install</userinput></screen> 62 63 <para>Shadow uses two files to configure authentication settings for the 64 system. Install these two config files:</para> 65 66 <screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen> 67 68 <para>We want to change the password method to enable MD5 passwords which are 69 theoretically more secure than the default "crypt" method and also allow 70 password lengths greater than 8 characters. We also need to change the old 71 <filename class="directory">/var/spool/mail</filename> location for user 72 mailboxes to the current location at 73 <filename class="directory">/var/mail</filename>. We do this by changing the 74 relevant configuration file while copying it to its destination:</para> 75 76 <screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \ 77 -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \ 78 etc/login.defs.linux > /etc/login.defs</userinput></screen> 79 80 <note><para>Be extra careful when typing all of the above. It is probably safer 81 to cut-and-paste it rather than try and type it all in.</para></note> 82 83 <para>According to the man page of <userinput>vipw</userinput>, a 84 <userinput>vigr</userinput> program should exist too. Since the installation 85 procedure doesn't create this program, create a symlink manually:</para> 86 87 <screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen> 88 89 <para>As the <filename>/bin/vipw</filename> symlink is redundant (and even 90 pointing to a non-existent file), remove it:</para> 91 92 <screen><userinput>rm /bin/vipw</userinput></screen> 93 94 <para>Now move the <userinput>sg</userinput> program to its proper place:</para> 95 96 <screen><userinput>mv /bin/sg /usr/bin</userinput></screen> 97 98 <para>And move Shadow's dynamic libraries to a more appropriate location:</para> 99 100 <screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen> 101 102 <para>As some packages expect to find the just-moved libraries in 103 <filename>/usr/lib</filename>, create the following symlinks:</para> 104 105 <screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so 106 ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen> 107 108 <para>Coreutils has already installed a <userinput>groups</userinput> program 109 in <filename>/usr/bin</filename>. If you wish, you can remove the one 110 installed by Shadow:</para> 111 112 <screen><userinput>rm /bin/groups</userinput></screen> 113 114 </sect2> 12 115 13 116 </sect1> 117
Note:
See TracChangeset
for help on using the changeset viewer.
