Changeset a72db74


Ignore:
Timestamp:
Jun 2, 2017, 10:02:03 PM (7 years ago)
Author:
William Harrington <kb0iic@…>
Branches:
sysvinit
Children:
b0ebf92
Parents:
f991c3d
git-author:
William Harrington <kb0iic@…> (06/02/17 22:01:57)
git-committer:
William Harrington <kb0iic@…> (06/02/17 22:02:03)
Message:

Shadow nologin should be installed and any remnants of Util-linux nologin should be removed. It is done.

Location:
BOOK
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • BOOK/boot/common/shadow.xml

    rf991c3d ra72db74  
    2323    <title>Installation of Shadow</title>
    2424
    25     <para os="a">Run the following <command>sed</command> command to disable
    26     the installation of the <command>groups</command> and
    27     <command>nologin</command> programs, as better versions of these programs
    28     are provided by other packages, and prevent Shadow from setting the suid
    29     bit on its installed programs:</para>
     25    <para os="a">Disable the installation of the <command>groups</command>
     26    program and man pages, as better versions of these programs are provided by
     27    Coreutils, Util-linux and Man-pages. Also, prevent Shadow from setting the
     28    suid bit on its installed programs:</para>
    3029
    3130<screen os="b"><userinput>cp -v src/Makefile.in{,.orig}
    3231sed -e 's/groups$(EXEEXT) //' \
    33     -e 's/= nologin$(EXEEXT)/= /' \
    3432    -e 's/\(^suidu*bins = \).*/\1\\/' \
    3533    src/Makefile.in.orig &gt; src/Makefile.in</userinput></screen>

  • BOOK/final-system/common/shadow.xml

    rf991c3d ra72db74  
    4040    </note>
    4141
    42     <para os="b">Disable the installation of the <command>groups</command> and
    43     <command>nologin</command> programs and their man pages, as better versions
    44     of these programs are provided by Coreutils and Util-linux:</para>
     42    <para os="b">Disable the installation of the <command>groups</command>
     43    program and man pages, as better versions of these programs are provided by
     44    Coreutils, Util-linux and Man-pages:</para>
    4545
    4646<screen os="c"><userinput>sed -i src/Makefile.in \
    47   -e 's/groups$(EXEEXT) //' -e 's/= nologin$(EXEEXT)/= /'
     47  -e 's/groups$(EXEEXT) //'
    4848find man -name Makefile.in -exec sed -i \
    4949  -e 's/man1\/groups\.1 //' \
    5050  -e 's/man3\/getspnam\.3 //' \
    51   -e 's/man8\/nologin\.8 //' \
    5251  -e 's/man5\/passwd\.5 //' '{}' \;</userinput></screen>
    5352
     
    174173        <seg>chage, chfn, chgpasswd, chpasswd, chsh, expiry, faillog, gpasswd,
    175174        groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv,
    176         lastlog, login, logoutd, newgrp, newusers, passwd, pwck,
     175        lastlog, login, logoutd, newgrp, newusers, nologin, passwd, pwck,
    177176        pwconv, pwunconv, sg (link to newgrp), su, useradd, userdel, usermod,
    178177        vigr (link to vipw), vipw</seg>
     
    399398      </varlistentry>
    400399
     400      <varlistentry id="nologin">
     401        <term><command>nologin</command></term>
     402        <listitem>
     403          <para>Displays a message that an account is not available. It is
     404          designed to be used as the default shell for disabled accounts.</para>
     405          <indexterm zone="ch-system-shadow nologin">
     406            <primary sortas="b-nologin">nologin</primary>
     407          </indexterm>
     408        </listitem>
     409      </varlistentry>
     410
    401411      <varlistentry id="passwd">
    402412        <term><command>passwd</command></term>

  • BOOK/final-system/common/util-linux.xml

    rf991c3d ra72db74  
    718718      </varlistentry>
    719719
    720       <varlistentry id="nologin">
    721         <term><command>nologin</command></term>
    722         <listitem>
    723           <para>Displays a message that an account is not available. Designed
    724           to be used as the default shell for accounts that have been
    725           disabled</para>
    726           <indexterm zone="ch-system-util-linux nologin">
    727             <primary sortas="b-nologin">nologin</primary>
    728           </indexterm>
    729         </listitem>
    730       </varlistentry>
    731 
    732720      <varlistentry id="nsenter">
    733721        <term><command>nsenter</command></term>

  • BOOK/temp-system/common/util-linux.xml

    rf991c3d ra72db74  
    3333    --disable-makeinstall-chown \
    3434    --disable-makeinstall-setuid \
     35    --disable-nologin \
    3536    --without-python</userinput></screen>
    3637
     
    5152          <para>This prevents Util-linux from enabling the setuid bit on
    5253          any of its installed programs.</para>
     54        </listitem>
     55      </varlistentry>
     56
     57      <varlistentry>
     58        <term><parameter>--disable-nologin</parameter></term>
     59        <listitem>
     60          <para>This prevents Util-linux from installing
     61          <command>nologin</command>.</para>
    5362        </listitem>
    5463      </varlistentry>

  • BOOK/temp-system/multilib/util-linux.xml

    rf991c3d ra72db74  
    3434    --disable-makeinstall-chown \
    3535    --disable-makeinstall-setuid \
     36    --disable-nologin \
    3637    --without-python</userinput></screen>
    3738
Note: See TracChangeset for help on using the changeset viewer.