Author: randy
Date: 2007-07-02 22:20:51 -0600 (Mon, 02 Jul 2007)
New Revision: 6829
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/postlfs/security/shadow.xml
Log:
Updated to Shadow-4.0.18.1, which is the version used in LFS. Also modified the
/etc/pam.d/login files as suggested by Jonathan Oksman to strengthen the login
security
Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent 2007-07-02 19:57:48 UTC (rev 6828)
+++ trunk/BOOK/general.ent 2007-07-03 04:20:51 UTC (rev 6829)
@@ -3,11 +3,11 @@
$Date$
-->
-<!ENTITY day "02"> <!-- Always 2 digits -->
+<!ENTITY day "03"> <!-- Always 2 digits -->
<!ENTITY month "07"> <!-- Always 2 digits -->
<!ENTITY year "2007">
<!ENTITY version "svn-&year;&month;&day;">
-<!ENTITY releasedate "July &day;nd, &year;">
+<!ENTITY releasedate "July &day;rd, &year;">
<!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
<!ENTITY blfs-version "svn"> <!-- svn|[release #] -->
<!ENTITY lfs-version "development"> <!--
version|testing|unstable|development] -->
@@ -63,7 +63,7 @@
<!ENTITY cracklib-version "2.8.10">
<!ENTITY linux-pam-version "0.99.7.1">
-<!ENTITY shadow-version "4.0.17">
+<!ENTITY shadow-version "4.0.18.1">
<!ENTITY iptables-version "1.3.6">
<!ENTITY gnupg-version "1.4.7">
<!ENTITY tripwire-version "2.4.0.1">
Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml 2007-07-02 19:57:48 UTC
(rev 6828)
+++ trunk/BOOK/introduction/welcome/changelog.xml 2007-07-03 04:20:51 UTC
(rev 6829)
@@ -42,6 +42,17 @@
-->
<listitem>
+ <para>July 3rd, 2007</para>
+ <itemizedlist>
+ <listitem>
+ <para>[randy] - Updated to Shadow-4.0.18.1, which is the version used
+ in LFS. Also modified the /etc/pam.d/login file as suggested by
+ Jonathan Oksman to strengthen the login security.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>July 2nd, 2007</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/postlfs/security/shadow.xml
===================================================================
--- trunk/BOOK/postlfs/security/shadow.xml 2007-07-02 19:57:48 UTC (rev
6828)
+++ trunk/BOOK/postlfs/security/shadow.xml 2007-07-03 04:20:51 UTC (rev
6829)
@@ -4,11 +4,12 @@
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
- <!ENTITY shadow-download-http
"http://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2";>
- <!ENTITY shadow-download-ftp
"ftp://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2";>
- <!ENTITY shadow-md5sum "bc5972a195290533b4c0576276056ed9">
- <!ENTITY shadow-size "1.4 MB">
- <!ENTITY shadow-buildsize "17 MB">
+ <!-- <!ENTITY shadow-download-http
"http://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2";> -->
+ <!ENTITY shadow-download-http
"http://cross-lfs.org/files/packages/svn/shadow-&shadow-version;.tar.bz2";>
+ <!ENTITY shadow-download-ftp
"ftp://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2";>
+ <!ENTITY shadow-md5sum "e7751d46ecf219c07ae0b028ab3335c6">
+ <!ENTITY shadow-size "1.5 MB">
+ <!ENTITY shadow-buildsize "18 MB">
<!ENTITY shadow-time "0.3 SBU">
]>
@@ -61,15 +62,13 @@
</listitem>
</itemizedlist>
- <!--
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing='compact'>
<listitem>
<para>Required patch: <ulink
-
url="&patch-root;/shadow-&shadow-version;-configure_fix-1.patch"/></para>
+ url="&patch-root;/shadow-&shadow-version;-useradd_fix-2.patch"/></para>
</listitem>
</itemizedlist>
- -->
<bridgehead renderas="sect3">Shadow Dependencies</bridgehead>
@@ -101,12 +100,15 @@
<para>Reinstall <application>Shadow</application> by running the following
commands:</para>
-<screen><userinput>./configure --libdir=/lib \
+<screen><userinput>patch -Np1 -i
../shadow-&shadow-version;-useradd_fix-2.patch &&
+
+./configure --libdir=/lib \
--sysconfdir=/etc \
--enable-shared \
--without-selinux &&
+
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
-find man -name Makefile -exec sed -i '/groups/d' {} \; &&
+find man -name Makefile -exec sed -i 's/groups\.1 / /' {} \; &&
sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile &&
for i in de es fi fr id it pt_BR; do
@@ -186,6 +188,20 @@
</sect2>
<sect2 role="configuration">
+ <title>Configuring Shadow</title>
+
+ <para><application>Shadow</application>'s stock configuration for the
+ <command>useradd</command> utility is not suitable for LFS systems. Use the
+ following commands as the <systemitem class="username">root</systemitem>
+ user to change the default home directory for new users and prevent the
+ creation of mail spool files:</para>
+
+<screen role="root"><userinput>useradd -D -b /home &&
+sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
+
+ </sect2>
+
+ <sect2 role="configuration">
<title>Configuring Linux-PAM to Work with Shadow</title>
<note>
@@ -331,8 +347,8 @@
<screen role="root"><userinput>cat > /etc/pam.d/login << "EOF"
<literal># Begin /etc/pam.d/login
-auth requisite pam_securetty.so
auth requisite pam_nologin.so
+auth required pam_securetty.so
auth required pam_unix.so
account required pam_access.so
account required pam_unix.so
@@ -358,8 +374,8 @@
<screen role="root"><userinput>cat > /etc/pam.d/login << "EOF"
<literal># Begin /etc/pam.d/login
-auth requisite pam_securetty.so
auth requisite pam_nologin.so
+auth required pam_securetty.so
auth required pam_env.so
auth required pam_unix.so
account required pam_access.so
@@ -441,11 +457,11 @@
</sect4>
<sect4>
- <title>'chpasswd', 'newusers', 'groupadd', 'groupdel',
- 'groupmod', 'useradd', 'userdel', and 'usermod'</title>
+ <title>'chpasswd', 'chgpasswd', 'groupadd', 'groupdel', 'groupmems',
+ 'groupmod', 'newusers', 'useradd', 'userdel', and 'usermod'</title>
-<screen role="root"><userinput>for PROGRAM in chpasswd newusers groupadd
groupdel \
- groupmod useradd userdel usermod
+<screen role="root"><userinput>for PROGRAM in chpasswd chgpasswd groupadd
groupdel groupmems \
+ groupmod newusers useradd userdel usermod
do
install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM
sed -i "s/chage/$PROGRAM/" /etc/pam.d/$PROGRAM
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
