Changeset 352dce0 for BOOK


Ignore:
Timestamp:
Jun 2, 2017, 10:01:57 PM (7 years ago)
Author:
William Harrington <kb0iic@…>
Branches:
master, systemd
Children:
c96cc3f
Parents:
72d19e2
Message:

Shadow nologin should be installed and any remnants of Util-linux nologin should be removed. It is done.

Location:
BOOK
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • BOOK/boot/common/shadow.xml

    r72d19e2 r352dce0  
    2323    <title>Installation of Shadow</title>
    2424
    25     <para os="a">Run the following <command>sed</command> command to disable
    26     the installation of the <command>groups</command> and
    27     <command>nologin</command> programs, as better versions of these programs
    28     are provided by other packages, and prevent Shadow from setting the suid
    29     bit on its installed programs:</para>
     25    <para os="a">Disable the installation of the <command>groups</command>
     26    program and man pages, as better versions of these programs are provided by
     27    Coreutils, Util-linux and Man-pages. Also, prevent Shadow from setting the
     28    suid bit on its installed programs:</para>
    3029
    3130<screen os="b"><userinput>cp -v src/Makefile.in{,.orig}
    3231sed -e 's/groups$(EXEEXT) //' \
    33     -e 's/= nologin$(EXEEXT)/= /' \
    3432    -e 's/\(^suidu*bins = \).*/\1\\/' \
    3533    src/Makefile.in.orig &gt; src/Makefile.in</userinput></screen>
  • BOOK/final-system/common/shadow.xml

    r72d19e2 r352dce0  
    4040    </note>
    4141
    42     <para os="b">Disable the installation of the <command>groups</command> and
    43     <command>nologin</command> programs and their man pages, as better versions
    44     of these programs are provided by Coreutils and Util-linux:</para>
     42    <para os="b">Disable the installation of the <command>groups</command>
     43    program and man pages, as better versions of these programs are provided by
     44    Coreutils, Util-linux and Man-pages:</para>
    4545
    4646<screen os="c"><userinput>sed -i src/Makefile.in \
    47   -e 's/groups$(EXEEXT) //' -e 's/= nologin$(EXEEXT)/= /'
     47  -e 's/groups$(EXEEXT) //'
    4848find man -name Makefile.in -exec sed -i \
    4949  -e 's/man1\/groups\.1 //' \
    5050  -e 's/man3\/getspnam\.3 //' \
    51   -e 's/man8\/nologin\.8 //' \
    5251  -e 's/man5\/passwd\.5 //' '{}' \;</userinput></screen>
    5352
     
    174173        <seg>chage, chfn, chgpasswd, chpasswd, chsh, expiry, faillog, gpasswd,
    175174        groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv,
    176         lastlog, login, logoutd, newgrp, newusers, passwd, pwck,
     175        lastlog, login, logoutd, newgrp, newusers, nologin, passwd, pwck,
    177176        pwconv, pwunconv, sg (link to newgrp), su, useradd, userdel, usermod,
    178177        vigr (link to vipw), vipw</seg>
     
    399398      </varlistentry>
    400399
     400      <varlistentry id="nologin">
     401        <term><command>nologin</command></term>
     402        <listitem>
     403          <para>Displays a message that an account is not available. It is
     404          designed to be used as the default shell for disabled accounts.</para>
     405          <indexterm zone="ch-system-shadow nologin">
     406            <primary sortas="b-nologin">nologin</primary>
     407          </indexterm>
     408        </listitem>
     409      </varlistentry>
     410
    401411      <varlistentry id="passwd">
    402412        <term><command>passwd</command></term>
  • BOOK/final-system/common/util-linux.xml

    r72d19e2 r352dce0  
    712712      </varlistentry>
    713713
    714       <varlistentry id="nologin">
    715         <term><command>nologin</command></term>
    716         <listitem>
    717           <para>Displays a message that an account is not available. Designed
    718           to be used as the default shell for accounts that have been
    719           disabled</para>
    720           <indexterm zone="ch-system-util-linux nologin">
    721             <primary sortas="b-nologin">nologin</primary>
    722           </indexterm>
    723         </listitem>
    724       </varlistentry>
    725 
    726714      <varlistentry id="nsenter">
    727715        <term><command>nsenter</command></term>
  • BOOK/temp-system/common/util-linux.xml

    r72d19e2 r352dce0  
    3333    --disable-makeinstall-chown \
    3434    --disable-makeinstall-setuid \
     35    --disable-nologin \
    3536    --without-python</userinput></screen>
    3637
     
    5152          <para>This prevents Util-linux from enabling the setuid bit on
    5253          any of its installed programs.</para>
     54        </listitem>
     55      </varlistentry>
     56
     57      <varlistentry>
     58        <term><parameter>--disable-nologin</parameter></term>
     59        <listitem>
     60          <para>This prevents Util-linux from installing
     61          <command>nologin</command>.</para>
    5362        </listitem>
    5463      </varlistentry>
  • BOOK/temp-system/multilib/util-linux.xml

    r72d19e2 r352dce0  
    3434    --disable-makeinstall-chown \
    3535    --disable-makeinstall-setuid \
     36    --disable-nologin \
    3637    --without-python</userinput></screen>
    3738
Note: See TracChangeset for help on using the changeset viewer.