Date: Sunday, October 16, 2022 @ 19:41:29 Author: dvzrv Revision: 458268
Update login.defs patch. Also comment SYSLOG_SU_ENAB, PASS_MIN_LEN and PREVENT_NO_AUTH as they are not supported with PAM and/or util-linux (https://bugs.archlinux.org/task/69933#comment211960). Modified: shadow/trunk/shadow-4.11.1-login.defs.patch --------------------------------+ shadow-4.11.1-login.defs.patch | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) Modified: shadow-4.11.1-login.defs.patch =================================================================== --- shadow-4.11.1-login.defs.patch 2022-10-16 19:38:09 UTC (rev 458267) +++ shadow-4.11.1-login.defs.patch 2022-10-16 19:41:29 UTC (rev 458268) @@ -1,5 +1,5 @@ diff --git i/etc/login.defs w/etc/login.defs -index 114dbcd9..0496c56c 100644 +index 114dbcd9..1315e546 100644 --- i/etc/login.defs +++ w/etc/login.defs @@ -3,6 +3,8 @@ @@ -35,7 +35,7 @@ # # Limit the highest user ID number for which the lastlog entries should -@@ -46,22 +48,22 @@ LASTLOG_ENAB yes +@@ -46,28 +48,28 @@ LASTLOG_ENAB yes # Disable if the shell startup files already check for mail # ("mailx -e" or equivalent). # @@ -62,6 +62,13 @@ # # Enable "syslog" logging of su(1) activity - in addition to sulog file logging. + # SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1). + # +-SYSLOG_SU_ENAB yes ++# SYSLOG_SU_ENAB yes + SYSLOG_SG_ENAB yes + + # @@ -87,7 +89,7 @@ CONSOLE /etc/securetty # If defined, ":" delimited list of "message of the day" files to # be displayed upon login. @@ -128,6 +135,15 @@ #ULIMIT 2097152 # Default initial "umask" value used by login(1) on non-PAM enabled systems. +@@ -216,7 +218,7 @@ UMASK 022 + # + PASS_MAX_DAYS 99999 + PASS_MIN_DAYS 0 +-PASS_MIN_LEN 5 ++# PASS_MIN_LEN 5 + PASS_WARN_AGE 7 + + # @@ -225,12 +227,12 @@ PASS_WARN_AGE 7 # to uid 0 accounts. If the group doesn't exist or is empty, no one # will be able to "su" to uid 0. 
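Review bot: The now-disabled `SYSLOG_SU_ENAB yes` (inner hunk `@@ -46,28 +48,28 @@`) still sits under the text "Enable "syslog" logging of su(1) activity", and nothing in the file says the key is ignored, so an administrator who uncomments it will assume su logging has been switched on. The reason given in the commit message belongs next to the key, for example `# Not supported with PAM and/or util-linux; setting this has no effect.` The same applies to `# PASS_MIN_LEN 5` in the inner hunk `@@ -216,7 +218,7 @@`, where the note could also say that a minimum password length has to be configured in the PAM password stack instead. The description of PASS_MIN_LEN lies outside the lines shown.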
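Review bot: The disabled line `# PASS_MIN_LEN 5` is written with a space after the hash, while the disabled setting visible as context at the top of the same hunk is `#ULIMIT 2097152`. With the space it reads like the descriptive prose around it, which makes settings that were switched off on purpose harder to find with a simple search during a configuration audit. If the rest of the patch uses the no-space form, `#PASS_MIN_LEN 5` would match it. `# SYSLOG_SU_ENAB yes` and `# PREVENT_NO_AUTH superuser` are written the same way.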
@@ -203,3 +219,12 @@ # # If defined, this command is run when removing a user. +@@ -465,7 +467,7 @@ USERGROUPS_ENAB yes + # Set to "yes" to prevent for all accounts + # Set to "superuser" to prevent for UID 0 / root (default) + # Set to "no" to not prevent for any account (dangerous, historical default) +-PREVENT_NO_AUTH superuser ++# PREVENT_NO_AUTH superuser + + # + # Select the HMAC cryptography algorithm.
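Review bot: The retained context above `# PREVENT_NO_AUTH superuser` still labels "superuser" as the default and "no" as dangerous, which reads as if the empty-password protection is in force, while the commit message says the key is not supported with PAM and/or util-linux. Someone auditing this file needs to know where that decision is actually made. Presumably that is the PAM stack (for pam_unix, whether `nullok` is set), which should be confirmed before it is written down. A pointer above the key such as `# Not honoured with PAM; empty-password handling is decided by the PAM configuration.` would cover it. The description of the setting begins outside the lines shown.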