CBLFS - User contributions [en]

User:Justin

2012-09-03T20:08:12Z

Justin: Created page with "Testing SimpleCaptcha"

Testing SimpleCaptcha

Shadow

2012-09-02T15:28:19Z

Justin:

{| style="text-align: left; background-color: AliceBlue;"
|-valign="top"
!Download Source:
| http://pkg-shadow.alioth.debian.org/releases/shadow-{{Shadow-Version}}.tar.bz2
|}

{{Blank-Package-Introduction}}

== Dependencies ==

=== Optional ===
* [[Cracklib]]
* [[PAM Library]]
* [[libaudit]]
* [[libskey]]
* [[SELinux]]

== Configuration Information ==

If you have not installed [[PAM Library]], then use this flag instead of ''--with-libpam'' in the instructions below.

--without-libpam

If you have not installed [[Cracklib]], then remove this flag from the instructions below.

--with-libcrack

== Non-Multilib ==

Configure and compile the package:

./configure --libdir=/lib --sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
find man -name Makefile -exec sed -i '/groups.1.xml/d' '{}' \; &&
find man -name Makefile -exec sed -i 's/groups.1 //' '{}' \; &&
make

Install the package:

make install &&
mv -v /usr/bin/passwd /bin

== Multilib ==

=== 64Bit ===

CC="gcc ${BUILD64}" ./configure --libdir=/lib64 --sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
find man -name Makefile -exec sed -i '/groups.1.xml/d' '{}' \; &&
find man -name Makefile -exec sed -i 's/groups.1 //' '{}' \; &&
make

Install the package:

make install &&
mv -v /usr/bin/passwd /bin

== Configuring ==

=== login.defs ===

Setup Configuration files:

cp etc/login.defs /etc/login.defs
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
-e 's@/var/spool/mail@/var/mail@' \
-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs

FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
sed -i "s/^$function/# &/" /etc/login.defs
done

=== [[Linux-PAM]] Services ===

==== /etc/pam.d/login ====

This is the file that controls the login program

cat > /etc/pam.d/login << "EOF"
#%PAM-1.0
#
# The common PAM configuration file for login
#
auth required pam_shells.so
auth include system-auth
auth optional pam_securetty.so

account required pam_nologin.so
account include system-auth

password include system-auth

session include system-auth
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_lastlog.so nowtmp
session optional pam_mail.so dir=/var/mail standard
EOF

Also make sure '''/etc/shells''' exists because the '''pam_shells.so''' module will only permit a login if your users login shell appears in '''/etc/shells'''.

==== /etc/pam.d/{chage chfn chgpasswd chpasswd chsh groupadd groupdel groupmems groupmod newusers passwd useradd userdel usermod} ====

These are the files that control changing of a password

for file in chage chfn chgpasswd chpasswd chsh groupadd groupdel groupmems \
groupmod newusers passwd useradd userdel usermod; do
cat > /etc/pam.d/$file << "EOF"
#%PAM-1.0
#
# The common PAM configuration file authentication only, root ok
#
auth sufficient pam_rootok.so

account required pam_permit.so
account include system-auth

password include system-auth
EOF
done

==== /etc/pam.d/su ====

This is the file that controls su access

cat > /etc/pam.d/su << "EOF"
#%PAM-1.0
#
# The common PAM configuration file for su
#
auth sufficient pam_rootok.so
auth include system-auth

account include system-auth

password include system-auth

session include system-auth
session optional pam_xauth.so
EOF

=== Where to go? ===

See [[Configuring for Adding Users]]

==Contents==

{| style="text-align: left;"
|-valign="top"
! Installed Programs:
|login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw
|-valign="top"
! Installed Libraries:
|
|-valign="top"
! Installed Directories:
| /etc/pam.d
|}

=== Short Descriptions ===

{| style="text-align: left;"
|-valign="top"
! expiry
| Checks and enforces the current password expiration policy
|-valign="top"
! faillog
| Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count
|-valign="top"
! gpasswd
| Is used to add and delete members and administrators to groups
|-valign="top"
! groupadd
| Creates a group with the given name
|-valign="top"
! groupdel
| Deletes the group with the given name
|-valign="top"
! groupmod
| Is used to modify the given group's name or GID
|-valign="top"
! grpck
| Verifies the integrity of the group files /etc/group and /etc/gshadow
|-valign="top"
! grpconv
| Creates or updates the shadow group file from the normal group file
|-valign="top"
! grpunconv
| Updates /etc/group from /etc/gshadow and then deletes the latter
|-valign="top"
! lastlog
| Reports the most recent login of all users or of a given user
|-valign="top"
! login
| Is used by the system to let users sign on
|-valign="top"
! logoutd
| Is a daemon used to enforce restrictions on log-on time and ports
|-valign="top"
! newgrp
| Is used to change the current GID during a login session
|-valign="top"
! newusers
| Is used to create or update an entire series of user accounts
|-valign="top"
! nologin
| Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled
|-valign="top"
! passwd
| Is used to change the password for a user or group account
|-valign="top"
! pwck
| Verifies the integrity of the password files /etc/passwd and /etc/shadow
|-valign="top"
! pwconv
| Creates or updates the shadow password file from the normal password file
|-valign="top"
! pwunconv
| Updates /etc/passwd from /etc/shadow and then deletes the latter
|-valign="top"
! sg
| Executes a given command while the user's GID is set to that of the given group
|-valign="top"
! su
| Runs a shell with substitute user and group IDs
|-valign="top"
! useradd
| Creates a new user with the given name, or updates the default new-user information
|-valign="top"
! userdel
| Deletes the given user account
|-valign="top"
! usermod
| Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc.
|-valign="top"
! vigr
| Edits the /etc/group or /etc/gshadow files
|-valign="top"
! vipw
| Edits the /etc/passwd or /etc/shadow files
|}

Shadow

2012-09-02T15:28:10Z

Justin:

{| style="text-align: left; background-color: AliceBlue;"
|-valign="top"
!Download Source:
| http://pkg-shadow.alioth.debian.org/releases/shadow-{{Shadow-Version}}.tar.bz2
|}

{{Blank-Package-Introduction}}

== Dependencies ==

test

=== Optional ===
* [[Cracklib]]
* [[PAM Library]]
* [[libaudit]]
* [[libskey]]
* [[SELinux]]

== Configuration Information ==

If you have not installed [[PAM Library]], then use this flag instead of ''--with-libpam'' in the instructions below.

--without-libpam

If you have not installed [[Cracklib]], then remove this flag from the instructions below.

--with-libcrack

== Non-Multilib ==

Configure and compile the package:

./configure --libdir=/lib --sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
find man -name Makefile -exec sed -i '/groups.1.xml/d' '{}' \; &&
find man -name Makefile -exec sed -i 's/groups.1 //' '{}' \; &&
make

Install the package:

make install &&
mv -v /usr/bin/passwd /bin

== Multilib ==

=== 64Bit ===

CC="gcc ${BUILD64}" ./configure --libdir=/lib64 --sysconfdir=/etc --enable-shared \
--without-audit --without-selinux --with-libcrack --with-libpam &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
find man -name Makefile -exec sed -i '/groups.1.xml/d' '{}' \; &&
find man -name Makefile -exec sed -i 's/groups.1 //' '{}' \; &&
make

Install the package:

make install &&
mv -v /usr/bin/passwd /bin

== Configuring ==

=== login.defs ===

Setup Configuration files:

cp etc/login.defs /etc/login.defs
sed -i -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
-e 's@/var/spool/mail@/var/mail@' \
-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs

FUNCTIONS="LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE MOTD_FILE
NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB CONSOLE_GROUPS
ENVIRON_FILE ULIMIT ENV_TZ ENV_HZ ENV_SUPATH ENV_PATH QMAIL_DIR MAIL_DIR
MAIL_FILE CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE OBSCURE_CHECKS_ENAB
CRACKLIB_DICTPATH PASS_CHANGE_TRIES PASS_ALWAYS"
for function in $FUNCTIONS; do
sed -i "s/^$function/# &/" /etc/login.defs
done

=== [[Linux-PAM]] Services ===

==== /etc/pam.d/login ====

This is the file that controls the login program

cat > /etc/pam.d/login << "EOF"
#%PAM-1.0
#
# The common PAM configuration file for login
#
auth required pam_shells.so
auth include system-auth
auth optional pam_securetty.so

account required pam_nologin.so
account include system-auth

password include system-auth

session include system-auth
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_lastlog.so nowtmp
session optional pam_mail.so dir=/var/mail standard
EOF

Also make sure '''/etc/shells''' exists because the '''pam_shells.so''' module will only permit a login if your users login shell appears in '''/etc/shells'''.

==== /etc/pam.d/{chage chfn chgpasswd chpasswd chsh groupadd groupdel groupmems groupmod newusers passwd useradd userdel usermod} ====

These are the files that control changing of a password

for file in chage chfn chgpasswd chpasswd chsh groupadd groupdel groupmems \
groupmod newusers passwd useradd userdel usermod; do
cat > /etc/pam.d/$file << "EOF"
#%PAM-1.0
#
# The common PAM configuration file authentication only, root ok
#
auth sufficient pam_rootok.so

account required pam_permit.so
account include system-auth

password include system-auth
EOF
done

==== /etc/pam.d/su ====

This is the file that controls su access

cat > /etc/pam.d/su << "EOF"
#%PAM-1.0
#
# The common PAM configuration file for su
#
auth sufficient pam_rootok.so
auth include system-auth

account include system-auth

password include system-auth

session include system-auth
session optional pam_xauth.so
EOF

=== Where to go? ===

See [[Configuring for Adding Users]]

==Contents==

{| style="text-align: left;"
|-valign="top"
! Installed Programs:
|login, su, nologin, faillog, lastlog, chage, chfn, chsh, expiry, gpasswd, newgrp, passwd, chgpasswd, chpasswd, groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv, logoutd, newusers, pwck, pwconv, pwunconv, useradd, userdel, usermod, vipw
|-valign="top"
! Installed Libraries:
|
|-valign="top"
! Installed Directories:
| /etc/pam.d
|}

=== Short Descriptions ===

{| style="text-align: left;"
|-valign="top"
! expiry
| Checks and enforces the current password expiration policy
|-valign="top"
! faillog
| Is used to examine the log of login failures, to set a maximum number of failures before an account is blocked, or to reset the failure count
|-valign="top"
! gpasswd
| Is used to add and delete members and administrators to groups
|-valign="top"
! groupadd
| Creates a group with the given name
|-valign="top"
! groupdel
| Deletes the group with the given name
|-valign="top"
! groupmod
| Is used to modify the given group's name or GID
|-valign="top"
! grpck
| Verifies the integrity of the group files /etc/group and /etc/gshadow
|-valign="top"
! grpconv
| Creates or updates the shadow group file from the normal group file
|-valign="top"
! grpunconv
| Updates /etc/group from /etc/gshadow and then deletes the latter
|-valign="top"
! lastlog
| Reports the most recent login of all users or of a given user
|-valign="top"
! login
| Is used by the system to let users sign on
|-valign="top"
! logoutd
| Is a daemon used to enforce restrictions on log-on time and ports
|-valign="top"
! newgrp
| Is used to change the current GID during a login session
|-valign="top"
! newusers
| Is used to create or update an entire series of user accounts
|-valign="top"
! nologin
| Displays a message that an account is not available. Designed to be used as the default shell for accounts that have been disabled
|-valign="top"
! passwd
| Is used to change the password for a user or group account
|-valign="top"
! pwck
| Verifies the integrity of the password files /etc/passwd and /etc/shadow
|-valign="top"
! pwconv
| Creates or updates the shadow password file from the normal password file
|-valign="top"
! pwunconv
| Updates /etc/passwd from /etc/shadow and then deletes the latter
|-valign="top"
! sg
| Executes a given command while the user's GID is set to that of the given group
|-valign="top"
! su
| Runs a shell with substitute user and group IDs
|-valign="top"
! useradd
| Creates a new user with the given name, or updates the default new-user information
|-valign="top"
! userdel
| Deletes the given user account
|-valign="top"
! usermod
| Is used to modify the given user's login name, User Identification (UID), shell, initial group, home directory, etc.
|-valign="top"
! vigr
| Edits the /etc/group or /etc/gshadow files
|-valign="top"
! vipw
| Edits the /etc/passwd or /etc/shadow files
|}