Changeset 7447a2c for BOOK/final-system/common
- Timestamp:
- Feb 21, 2006, 2:13:50 AM (19 years ago)
- Branches:
- clfs-1.2, clfs-2.1, clfs-3.0.0-systemd, clfs-3.0.0-sysvinit, master, systemd, sysvinit
- Children:
- 521c55b
- Parents:
- ed25565
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
BOOK/final-system/common/shadow.xml
red25565 r7447a2c 43 43 </note> 44 44 45 <para os="p1">Shadow has selinux, pam, and auditing defaulted to on. The46 following patch properly fixes this issue:</para>47 48 <screen os="p2"><userinput>patch -Np1 -i ../&shadow-configure_fix-patch;</userinput></screen>49 50 45 <para os="b">Prepare Shadow for compilation:</para> 51 46 52 <screen os="c"><userinput>./configure --libdir=/lib --enable-shared</userinput></screen> 53 54 <para os="d">Disable the installation of the <command>groups</command> 47 <screen os="c"><userinput>./configure --libdir=/lib --enable-shared \ 48 --without-libpam --without-audit --without-selinux</userinput></screen> 49 50 <para os="d">The meaning of the configure options:</para> 51 52 <variablelist os="e"> 53 <varlistentry> 54 <term><parameter>--without-libpam</parameter></term> 55 <listitem><para>Support for Linux-PAM is enabled by default in Shadow, 56 however PAM is not installed on a base LFS system, so this switch 57 disables PAM support in Shadow. For instructions to install PAM and 58 link Shadow to it, you can look at 59 <ulink url="&blfs-root;view/svn/postlfs/shadow.html"/>.</para></listitem> 60 </varlistentry> 61 <varlistentry> 62 <term><parameter>--without-audit</parameter></term> 63 <listitem><para>Support for auditing is enabled by default, but a 64 a library that it needs is not installed in a base LFS system. This 65 switch disables auditing support.</para></listitem> 66 </varlistentry> 67 <varlistentry> 68 <term><parameter>--without-selinux</parameter></term> 69 <listitem><para>Support for selinux is enabled by default, but selinux 70 is not built in a base LFS system and configure will fail without this 71 switch.</para></listitem> 72 </varlistentry> 73 </variablelist> 74 75 <para os="f">Disable the installation of the <command>groups</command> 55 76 program and its man page, as Coreutils provides a better version:</para> 56 77 57 <screen os=" e"><userinput>sed -i 's/groups$(EXEEXT) //' src/Makefile78 <screen os="g"><userinput>sed -i 's/groups$(EXEEXT) //' src/Makefile 58 79 sed -i '/groups/d' man/Makefile</userinput></screen> 59 80 60 <para os=" f">Compile the package:</para>61 62 <screen os=" g"><userinput>make</userinput></screen>63 64 <para os=" h">Install the package:</para>65 66 <screen os=" i"><userinput>make install</userinput></screen>67 68 <para id="shadow-limits-login_access" os=" j">Shadow uses two files to configure81 <para os="h">Compile the package:</para> 82 83 <screen os="i"><userinput>make</userinput></screen> 84 85 <para os="j">Install the package:</para> 86 87 <screen os="k"><userinput>make install</userinput></screen> 88 89 <para id="shadow-limits-login_access" os="l">Shadow uses two files to configure 69 90 authentication settings for the system. Install these two configuration 70 91 files:</para> 71 92 72 <indexterm zone="shadow-limits-login_access" os=" k">93 <indexterm zone="shadow-limits-login_access" os="m"> 73 94 <primary sortas="e-/etc/limits">/etc/limits</primary> 74 95 </indexterm> 75 96 76 <indexterm zone="shadow-limits-login_access" os=" l">97 <indexterm zone="shadow-limits-login_access" os="n"> 77 98 <primary sortas="e-/etc/login.access">/etc/login.access</primary> 78 99 </indexterm> 79 100 80 <screen os=" m"><userinput>cp etc/{limits,login.access} /etc</userinput></screen>81 82 <para id="shadow-login_defs" os=" n">Instead of using the default101 <screen os="o"><userinput>cp etc/{limits,login.access} /etc</userinput></screen> 102 103 <para id="shadow-login_defs" os="p">Instead of using the default 83 104 <emphasis>crypt</emphasis> method, use the more secure 84 105 <emphasis>MD5</emphasis> method of password encryption, which also allows … … 90 111 while copying it to its destination:</para> 91 112 92 <indexterm zone="shadow-login_defs" os=" o">113 <indexterm zone="shadow-login_defs" os="q"> 93 114 <primary sortas="e-/etc/login.defs">/etc/login.defs</primary> 94 115 </indexterm> 95 116 96 <note os=" p">117 <note os="r"> 97 118 <para>If you built Shadow with Cracklib support, insert the following into 98 119 the <command>sed</command> given below:</para> … … 101 122 </note> 102 123 103 <screen os=" q"><userinput>sed -e's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \124 <screen os="s"><userinput>sed -e's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \ 104 125 -e 's@/var/spool/mail@/var/mail@' \ 105 126 etc/login.defs > /etc/login.defs</userinput></screen> 106 127 107 <para os=" r">Move a misplaced program to its proper location:</para>108 109 <screen os=" s"><userinput>mv /usr/bin/passwd /bin</userinput></screen>110 111 <para os=" t">Move Shadow's dynamic libraries to a more appropriate128 <para os="t">Move a misplaced program to its proper location:</para> 129 130 <screen os="u"><userinput>mv /usr/bin/passwd /bin</userinput></screen> 131 132 <para os="v">Move Shadow's dynamic libraries to a more appropriate 112 133 location:</para> 113 134 114 <screen os=" u"><userinput>mv /lib/libshadow.*a /usr/lib135 <screen os="w"><userinput>mv /lib/libshadow.*a /usr/lib 115 136 rm /lib/libshadow.so 116 137 ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen> 117 138 118 <para os=" v">The <option>-D</option> option of the <command>useradd</command>139 <para os="x">The <option>-D</option> option of the <command>useradd</command> 119 140 program requires the <filename class="directory">/etc/default</filename> 120 141 directory for it to work properly:</para> 121 142 122 <screen os=" w"><userinput>install -d /etc/default</userinput></screen>143 <screen os="y"><userinput>install -d /etc/default</userinput></screen> 123 144 124 145 </sect2>
Note:
See TracChangeset
for help on using the changeset viewer.