Author: andy Date: 2012-03-15 10:25:36 -0600 (Thu, 15 Mar 2012) New Revision: 9713
Modified: trunk/BOOK/postlfs/security/shadow.xml Log: fix compiling shadow with acl installed Modified: trunk/BOOK/postlfs/security/shadow.xml =================================================================== --- trunk/BOOK/postlfs/security/shadow.xml 2012-03-15 14:44:37 UTC (rev 9712) +++ trunk/BOOK/postlfs/security/shadow.xml 2012-03-15 16:25:36 UTC (rev 9713) @@ -4,7 +4,8 @@ <!ENTITY % general-entities SYSTEM "../../general.ent"> %general-entities; - <!ENTITY shadow-download-http "http://pkg-shadow.alioth.debian.org/releases/shadow-&shadow-version;.tar.bz2 "> + <!ENTITY shadow-download-http + "http://pkg-shadow.alioth.debian.org/releases/shadow-&shadow-version;.tar.bz2 "> <!ENTITY shadow-download-ftp " "> <!ENTITY shadow-md5sum "d5f7a588fadb79faeb4b08b1eee82e9a"> <!ENTITY shadow-size "2.1 MB"> @@ -29,45 +30,60 @@ <sect2 role="package"> <title>Introduction to Shadow</title> - <para><application>Shadow</application> was indeed installed in LFS and - there is no reason to reinstall it unless you installed - <application>CrackLib</application> or - <application>Linux-PAM</application> after your LFS system was completed. - If you have installed <application>CrackLib</application> after LFS, then - reinstalling <application>Shadow</application> will enable strong password - support. If you have installed <application>Linux-PAM</application>, - reinstalling <application>Shadow</application> will allow programs such as - <command>login</command> and <command>su</command> to utilize PAM.</para> + <para> + <application>Shadow</application> was indeed installed in LFS and there is + no reason to reinstall it unless you installed + <application>CrackLib</application> or + <application>Linux-PAM</application> after your LFS system was completed. + If you have installed <application>CrackLib</application> after LFS, then + reinstalling <application>Shadow</application> will enable strong password + support. If you have installed <application>Linux-PAM</application>, + reinstalling <application>Shadow</application> will allow programs such as + <command>login</command> and <command>su</command> to utilize PAM. + </para> - &lfs70_checked; + &lfs71_checked; <bridgehead renderas="sect3">Package Information</bridgehead> <itemizedlist spacing="compact"> <listitem> - <para>Download (HTTP): <ulink url="&shadow-download-http;"/></para> + <para> + Download (HTTP): <ulink url="&shadow-download-http;"/> + </para> </listitem> <listitem> - <para>Download (FTP): <ulink url="&shadow-download-ftp;"/></para> + <para> + Download (FTP): <ulink url="&shadow-download-ftp;"/> + </para> </listitem> <listitem> - <para>Download MD5 sum: &shadow-md5sum;</para> + <para> + Download MD5 sum: &shadow-md5sum; + </para> </listitem> <listitem> - <para>Download size: &shadow-size;</para> + <para> + Download size: &shadow-size; + </para> </listitem> <listitem> - <para>Estimated disk space required: &shadow-buildsize;</para> + <para> + Estimated disk space required: &shadow-buildsize; + </para> </listitem> <listitem> - <para>Estimated build time: &shadow-time;</para> + <para> + Estimated build time: &shadow-time; + </para> </listitem> </itemizedlist> <bridgehead renderas="sect3">Additional Downloads</bridgehead> <itemizedlist spacing='compact'> <listitem> - <para>Required patch: <ulink - url="http://www.&lfs-domainname;/patches/lfs/development/shadow-&shadow-version;-nscd-1.patch"/> + <para> + Required patch: <ulink + url="http://www.&lfs-domainname;/patches/lfs/development/shadow-&shadow-version;-nscd-1.patch"/> </para> </listitem> </itemizedlist> @@ -75,41 +91,49 @@ <bridgehead renderas="sect3">Shadow Dependencies</bridgehead> <bridgehead renderas="sect4">Required</bridgehead> - <para role="required"><xref linkend="linux-pam"/> or - <xref linkend="cracklib"/></para> + <para role="required"> + <xref linkend="linux-pam"/> or + <xref linkend="cracklib"/> + </para> - <para condition="html" role="usernotes">User Notes: - <ulink url="&blfs-wiki;/shadow"/></para> - + <para condition="html" role="usernotes"> + User Notes: <ulink url="&blfs-wiki;/shadow"/> + </para> </sect2> <sect2 role="installation"> <title>Installation of Shadow</title> <important> - <para>The installation commands shown below are for installations where - <application>Linux-PAM</application> has been installed (with or - without a <application>CrackLib</application> installation) and - <application>Shadow</application> is being reinstalled to support the - <application>Linux-PAM</application> installation.</para> + <para> + The installation commands shown below are for installations where + <application>Linux-PAM</application> has been installed (with or + without a <application>CrackLib</application> installation) and + <application>Shadow</application> is being reinstalled to support the + <application>Linux-PAM</application> installation. + </para> - <para> If you are reinstalling <application>Shadow</application> to - provide strong password support using the - <application>CrackLib</application> library without using - <application>Linux-PAM</application>, ensure you add the - <parameter>--with-libcrack</parameter> parameter to the - <command>configure</command> script below and also issue the following - command:</para> + <para> + If you are reinstalling <application>Shadow</application> to provide + strong password support using the <application>CrackLib</application> + library without using <application>Linux-PAM</application>, ensure you + add the <parameter>--with-libcrack</parameter> parameter to the + <command>configure</command> script below and also issue the following + command: + </para> <screen><userinput>sed -i 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' etc/login.defs</userinput></screen> </important> - <para>Reinstall <application>Shadow</application> by running the following - commands:</para> + <para> + Reinstall <application>Shadow</application> by running the following + commands: + </para> <screen><userinput>sed -i 's/groups$(EXEEXT) //' src/Makefile.in && find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; && sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile.in && +sed -i '/<stdio.h>/a#include <stdarg.h>' libmisc/copydir.c && sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \ -e 's@/var/spool/mail@/var/mail@' etc/login.defs && @@ -119,104 +143,122 @@ patch -Np1 -i ../shadow-&shadow-version;-nscd-1.patch && -./configure --prefix=/usr --sysconfdir=/etc \ - --without-acl --without-attr && +./configure --prefix=/usr --sysconfdir=/etc && make</userinput></screen> - <para>This package does not come with a test suite.</para> + <para> + This package does not come with a test suite. + </para> - <para>Now, as the <systemitem class="username">root</systemitem> user:</para> + <para> + Now, as the <systemitem class="username">root</systemitem> user: + </para> <screen role="root"><userinput>make install && mv -v /usr/bin/passwd /bin</userinput></screen> - </sect2> <sect2 role="commands"> <title>Command Explanations</title> - <para><command>sed -i 's/groups$(EXEEXT) //' src/Makefile.in</command>: - This command is used to suppress the installation of the - <command>groups</command> program as the version from the - <application>Coreutils</application> package installed during LFS is - preferred.</para> + <para> + <command>sed -i 's/groups$(EXEEXT) //' src/Makefile.in</command>: This sed + is used to suppress the installation of the <command>groups</command> + program as the version from the <application>Coreutils</application> + package installed during LFS is preferred. + </para> - <para><command>find man -name Makefile.in -exec ... {} \;</command>: This - command is used to suppress the installation of the - <command>groups</command> man pages so the existing ones installed from - the <application>Coreutils</application> package are not replaced.</para> + <para> + <command>find man -name Makefile.in -exec ... {} \;</command>: This + command is used to suppress the installation of the + <command>groups</command> man pages so the existing ones installed from + the <application>Coreutils</application> package are not replaced. + </para> - <para><command>sed -i -e '...' -e '...' man/Makefile.in</command>: This - command disables the installation of Chinese and Korean manual pages, since - <application>Man-DB</application> cannot format them properly.</para> + <para> + <command>sed -i -e '...' -e '...' man/Makefile.in</command>: This command + disables the installation of Chinese and Korean manual pages, since + <application>Man-DB</application> cannot format them properly. + </para> - <para><command>sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' - -e 's@/var/spool/mail@/var/mail@' etc/login.defs</command>: - Instead of using the default 'DES' method, this command modifies the - installation to use the more secure 'SHA512' method of hashing passwords, - which also allows passwords longer than eight characters. It also changes - the obsolete <filename class="directory">/var/spool/mail</filename> - location for user mailboxes that <application>Shadow</application> uses by - default to the <filename class="directory">/var/mail</filename> - location.</para> + <para> + <command>sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' -e + 's@/var/spool/mail@/var/mail@' etc/login.defs</command>: Instead of using + the default 'DES' method, this command modifies the installation to use + the more secure 'SHA512' method of hashing passwords, which also allows + passwords longer than eight characters. It also changes the obsolete + <filename class="directory">/var/spool/mail</filename> location for user + mailboxes that <application>Shadow</application> uses by default to the + <filename class="directory">/var/mail</filename> location. + </para> - <para><command>sed -i -e - 's@PATH=/sbin:/bin:/usr/sbin:/usr/bin@&:/usr/local/sbin:/usr/local/bin@' - -e 's@PATH=/bin:/usr/bin@&:/usr/local/bin@' etc/login.defs</command>: - This sed expands PATH to <filename class="directory">/usr/local/bin</filename> - for normal and <systemitem class="username">root</systemitem> user and to - <filename class="directory">/usr/local/sbin</filename> for - <systemitem class="username">root</systemitem> user only.</para> + <para> + <command>sed -i -e + 's@PATH=/sbin:/bin:/usr/sbin:/usr/bin@&:/usr/local/sbin:/usr/local/bin@' + -e 's@PATH=/bin:/usr/bin@&:/usr/local/bin@' etc/login.defs</command>: + This sed expands PATH to + <filename class="directory">/usr/local/bin</filename> for normal and + <systemitem class="username">root</systemitem> user and to + <filename class="directory">/usr/local/sbin</filename> for + <systemitem class="username">root</systemitem> user only. + </para> - <para><command>--without-acl</command>: Disables linking with <xref linkend="acl"/> - since <application>Shadow</application> fails to compile if it is present.</para> + <para> + <command>sed -i '/<stdio.h>/a#include <stdarg.h>' + libmisc/copydir.c</command>: This sed fixes a bug which would make the + build fail if <xref linkend="acl"/> is installed. + </para> - <para><command>--without-attr</command>: Disables linking with <xref linkend="attr"/> - since <application>Shadow</application> fails to compile if it is present.</para> - - <para><command>mv -v /usr/bin/passwd /bin</command>: The - <command>passwd</command> program may be needed during times when the - <filename class='directory'>/usr</filename> filesystem is not mounted so - it is moved into the root partition.</para> - + <para> + <command>mv -v /usr/bin/passwd /bin</command>: The + <command>passwd</command> program may be needed during times when the + <filename class='directory'>/usr</filename> filesystem is not mounted so + it is moved into the root partition. + </para> </sect2> <sect2 role="configuration"> <title>Configuring Shadow</title> - <para><application>Shadow</application>'s stock configuration for the - <command>useradd</command> utility may not be desirable for your - installation. One default parameter causes <command>useradd</command> to - create a mailbox file for any newly created user. - <command>useradd</command> will make the group ownership of this file to - the <systemitem class="groupname">mail</systemitem> group with 0660 - permissions. If you would prefer that these mailbox files are not created - by <command>useradd</command>, issue the - following command as the <systemitem class="username">root</systemitem> user:</para> + <para> + <application>Shadow</application>'s stock configuration for the + <command>useradd</command> utility may not be desirable for your + installation. One default parameter causes <command>useradd</command> to + create a mailbox file for any newly created user. + <command>useradd</command> will make the group ownership of this file to + the <systemitem class="groupname">mail</systemitem> group with 0660 + permissions. If you would prefer that these mailbox files are not created + by <command>useradd</command>, issue the following command as the + <systemitem class="username">root</systemitem> user: + </para> <screen role="root"><userinput>sed -i 's/yes/no/' /etc/default/useradd</userinput></screen> - </sect2> <sect2 role="configuration"> <title>Configuring Linux-PAM to Work with Shadow</title> <note> - <para>The rest of this page is devoted to configuring - <application>Shadow</application> to work properly with - <application>Linux-PAM</application>. If you do not have - <application>Linux-PAM</application> installed, and you reinstalled - <application>Shadow</application> to support strong passwords via - the <application>CrackLib</application> library, no further configuration - is required.</para> + <para> + The rest of this page is devoted to configuring + <application>Shadow</application> to work properly with + <application>Linux-PAM</application>. If you do not have + <application>Linux-PAM</application> installed, and you reinstalled + <application>Shadow</application> to support strong passwords via the + <application>CrackLib</application> library, no further configuration is + required. + </para> </note> <sect3 id="pam.d"> <title>Config Files</title> - <para><filename>/etc/pam.d/*</filename> or alternatively - <filename>/etc/pam.conf, /etc/login.defs, and - /etc/security/*</filename></para> + <para> + <filename>/etc/pam.d/*</filename> or alternatively + <filename>/etc/pam.conf</filename>, + <filename>/etc/login.defs</filename> and + <filename>/etc/security/*</filename> + </para> <indexterm zone="shadow pam.d"> <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary> @@ -233,41 +275,45 @@ <indexterm zone="shadow pam.d"> <primary sortas="e-etc-security">/etc/security/*</primary> </indexterm> - </sect3> <sect3> <title>Configuration Information</title> - <para>Configuring your system to use <application>Linux-PAM</application> - can be a complex task. The information below will provide a basic setup - so that <application>Shadow</application>'s login and password - functionality will work effectively with - <application>Linux-PAM</application>. Review the information and links on - the <xref linkend="linux-pam"/> page for further configuration - information. For information specific to integrating - <application>Shadow</application>, <application>Linux-PAM</application> - and <application>CrackLib</application>, you can visit the following - link:</para> + <para> + Configuring your system to use <application>Linux-PAM</application> can + be a complex task. The information below will provide a basic setup so + that <application>Shadow</application>'s login and password + functionality will work effectively with + <application>Linux-PAM</application>. Review the information and links + on the <xref linkend="linux-pam"/> page for further configuration + information. For information specific to integrating + <application>Shadow</application>, <application>Linux-PAM</application> + and <application>CrackLib</application>, you can visit the following + link: + </para> <itemizedlist spacing="compact"> - <listitem> - <para><ulink - url="http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html"/></para> - </listitem> + <listitem> + <para> + <ulink url="http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html"/> + </para> + </listitem> </itemizedlist> <sect4 id="pam-login-defs"> <title>Configuring /etc/login.defs</title> - <para>The <command>login</command> program currently performs many - functions which <application>Linux-PAM</application> modules should - now handle. The following <command>sed</command> command will comment - out the appropriate lines in <filename>/etc/login.defs</filename>, and - stop <command>login</command> from performing these functions (a backup - file named <filename>/etc/login.defs.orig</filename> is also created - to preserve the original file's contents). Issue the following commands - as the <systemitem class="username">root</systemitem> user:</para> + <para> + The <command>login</command> program currently performs many functions + which <application>Linux-PAM</application> modules should now handle. + The following <command>sed</command> command will comment out the + appropriate lines in <filename>/etc/login.defs</filename>, and stop + <command>login</command> from performing these functions (a backup + file named <filename>/etc/login.defs.orig</filename> is also created + to preserve the original file's contents). Issue the following + commands as the <systemitem class="username">root</systemitem> user: + </para> <indexterm zone="shadow pam-login-defs"> <primary sortas="e-etc-login.defs">/etc/login.defs</primary> @@ -288,31 +334,31 @@ PASS_ALWAYS_WARN \ CHFN_AUTH ENVIRON_FILE do - sed -i "s/^$FUNCTION/# &/" /etc/login.defs + sed -i "s/^${FUNCTION}/# &/" /etc/login.defs done</userinput></screen> - </sect4> <sect4> <title>Configuring the /etc/pam.d/ Files</title> - <para>As mentioned previously in the - <application>Linux-PAM</application> instructions, - <application>Linux-PAM</application> has two supported methods for - configuration. The commands below assume that you've chosen to use - a directory based configuration, where each program has its own - configuration file. You can optionally use a single - <filename>/etc/pam.conf</filename> configuration file by using the - text from the files below, and supplying the program name as an - additional first field for each line.</para> + <para> + As mentioned previously in the <application>Linux-PAM</application> + instructions, <application>Linux-PAM</application> has two supported + methods for configuration. The commands below assume that you've + chosen to use a directory based configuration, where each program has + its own configuration file. You can optionally use a single + <filename>/etc/pam.conf</filename> configuration file by using the + text from the files below, and supplying the program name as an + additional first field for each line. + </para> - <para>As the <systemitem class="username">root</systemitem> user, - replace the following <application>Linux-PAM</application> - configuration files in the - <filename class="directory">/etc/pam.d/</filename> directory (or - add the contents to the <filename>/etc/pam.conf</filename> file) using - the following commands:</para> - + <para> + As the <systemitem class="username">root</systemitem> user, replace + the following <application>Linux-PAM</application> configuration files + in the <filename class="directory">/etc/pam.d/</filename> directory + (or add the contents to the <filename>/etc/pam.conf</filename> file) + using the following commands: + </para> </sect4> <sect4> @@ -325,7 +371,6 @@ # End /etc/pam.d/system-account</literal> EOF</userinput></screen> - </sect4> <sect4> @@ -338,7 +383,6 @@ # End /etc/pam.d/system-auth</literal> EOF</userinput></screen> - </sect4> <sect4> @@ -360,13 +404,15 @@ # End /etc/pam.d/system-password</literal> EOF</userinput></screen> - <note><para>In its default configuration, owing to credits, - pam_cracklib will allow multiple case passwords as short as 6 - characters, even with the <parameter>minlen</parameter> value - set to 11. You should review the pam_cracklib(8) man page and - determine if these default values are acceptable for the security - of your system.</para></note> - + <note> + <para> + In its default configuration, owing to credits, pam_cracklib will + allow multiple case passwords as short as 6 characters, even with + the <parameter>minlen</parameter> value set to 11. You should review + the pam_cracklib(8) man page and determine if these default values + are acceptable for the security of your system. + </para> + </note> </sect4> <sect4> @@ -381,7 +427,6 @@ # End /etc/pam.d/system-password</literal> EOF</userinput></screen> - </sect4> <sect4> @@ -394,7 +439,6 @@ # End /etc/pam.d/system-session</literal> EOF</userinput></screen> - </sect4> <sect4> @@ -447,7 +491,6 @@ # End /etc/pam.d/login</literal> EOF</userinput></screen> - </sect4> <sect4> @@ -460,7 +503,6 @@ # End /etc/pam.d/passwd</literal> EOF</userinput></screen> - </sect4> <sect4> @@ -484,7 +526,6 @@ # End /etc/pam.d/su</literal> EOF</userinput></screen> - </sect4> <sect4> @@ -506,51 +547,52 @@ # End /etc/pam.d/chage</literal> EOF</userinput></screen> - </sect4> <sect4> - <title>'chfn', 'chgpasswd', 'chgpasswd', 'chsh', 'groupadd', - 'groupdel', 'groupmems', 'groupmod', 'newusers', 'useradd', 'userdel' - and 'usermod'</title> + <title>'chfn', 'chgpasswd', 'chgpasswd', 'chsh', 'groupadd', 'groupdel', + 'groupmems', 'groupmod', 'newusers', 'useradd', 'userdel' and + 'usermod'</title> <screen role="root"><userinput>for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \ groupmems groupmod newusers useradd userdel usermod do - install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM - sed -i "s/chage/$PROGRAM/" /etc/pam.d/$PROGRAM + install -v -m644 /etc/pam.d/chage /etc/pam.d/${PROGRAM} + sed -i "s/chage/$PROGRAM/" /etc/pam.d/${PROGRAM} done</userinput></screen> <warning> - <para>At this point, you should do a simple test to see if - <application>Shadow</application> is working as expected. Open - another terminal and log in as a user, then <command>su</command> to - <systemitem class="username">root</systemitem>. If you do not see any - errors, then all is well and you should proceed with the rest of the - configuration. If you did receive errors, stop now and double check - the above configuration files manually. You can also run the test - suite from the <application>Linux-PAM</application> package to assist - you in determining the problem. If you cannot find and - fix the error, you should recompile <application>Shadow</application> - adding the <option>--without-libpam</option> switch to the - <command>configure</command> command in the above instructions - (also move the <filename>/etc/login.defs.orig</filename> backup - file to <filename>/etc/login.defs</filename>). If you - fail to do this and the errors remain, you will be unable to log into - your system.</para> + <para> + At this point, you should do a simple test to see if + <application>Shadow</application> is working as expected. Open + another terminal and log in as a user, then <command>su</command> to + <systemitem class="username">root</systemitem>. If you do not see + any errors, then all is well and you should proceed with the rest of + the configuration. If you did receive errors, stop now and double + check the above configuration files manually. You can also run the + test suite from the <application>Linux-PAM</application> package to + assist you in determining the problem. If you cannot find and fix + the error, you should recompile <application>Shadow</application> + adding the <option>--without-libpam</option> switch to the + <command>configure</command> command in the above instructions (also + move the <filename>/etc/login.defs.orig</filename> backup file to + <filename>/etc/login.defs</filename>). If you fail to do this and + the errors remain, you will be unable to log into your system. + </para> </warning> - </sect4> <sect4> <title>Other</title> - <para>Currently, <filename>/etc/pam.d/other</filename> is configured - to allow anyone with an account on the machine to use PAM-aware - programs without a configuration file for that program. After testing - <application>Linux-PAM</application> for proper configuration, install - a more restrictive <filename>other</filename> file so that - program-specific configuration files are required:</para> + <para> + Currently, <filename>/etc/pam.d/other</filename> is configured to + allow anyone with an account on the machine to use PAM-aware programs + without a configuration file for that program. After testing + <application>Linux-PAM</application> for proper configuration, install + a more restrictive <filename>other</filename> file so that + program-specific configuration files are required: + </para> <screen role="root"><userinput>cat > /etc/pam.d/other << "EOF" <literal># Begin /etc/pam.d/other @@ -566,62 +608,54 @@ # End /etc/pam.d/other</literal> EOF</userinput></screen> - </sect4> <sect4 id="pam-access"> <title>Configuring Login Access</title> - <para>Instead of using the <filename>/etc/login.access</filename> - file for controlling access to the system, - <application>Linux-PAM</application> uses the - <filename class='libraryfile'>pam_access.so</filename> module along - with the <filename>/etc/security/access.conf</filename> file. Rename - the <filename>/etc/login.access</filename> file using the following - command:</para> + <para> + Instead of using the <filename>/etc/login.access</filename> file for + controlling access to the system, <application>Linux-PAM</application> + uses the <filename class='libraryfile'>pam_access.so</filename> module + along with the <filename>/etc/security/access.conf</filename> file. + Rename the <filename>/etc/login.access</filename> file using the + following command: + </para> <indexterm zone="shadow pam-access"> <primary sortas="e-etc-security-access.conf">/etc/security/access.conf</primary> </indexterm> -<screen role="root"><userinput>if [ -f /etc/login.access ]; then - mv -v /etc/login.access /etc/login.access.NOUSE -fi</userinput></screen> - +<screen role="root"><userinput>[ -f /etc/login.access ] && mv -v /etc/login.access{,.NOUSE}</userinput></screen> </sect4> <sect4 id="pam-limits"> <title>Configuring Resource Limits</title> - <para>Instead of using the <filename>/etc/limits</filename> file - for limiting usage of system resources, - <application>Linux-PAM</application> uses the - <filename class='libraryfile'>pam_limits.so</filename> module along - with the <filename>/etc/security/limits.conf</filename> file. Rename - the <filename>/etc/limits</filename> file using the following - command:</para> + <para> + Instead of using the <filename>/etc/limits</filename> file for + limiting usage of system resources, + <application>Linux-PAM</application> uses the + <filename class='libraryfile'>pam_limits.so</filename> module along + with the <filename>/etc/security/limits.conf</filename> file. Rename + the <filename>/etc/limits</filename> file using the following command: + </para> <indexterm zone="shadow pam-limits"> <primary sortas="e-etc-security-limits.conf">/etc/security/limits.conf</primary> </indexterm> -<screen role="root"><userinput>if [ -f /etc/limits ]; then - mv -v /etc/limits /etc/limits.NOUSE -fi</userinput></screen> - +<screen role="root"><userinput>[ -f /etc/limits ] && mv -v /etc/limits{,.NOUSE}</userinput></screen> </sect4> - </sect3> - </sect2> <sect2 role="content"> <title>Contents</title> - <para>A list of the installed files, along with their short descriptions - can be found at - <ulink url="&lfs-root;/chapter06/shadow.html#contents-shadow"/>.</para> - + <para> + A list of the installed files, along with their short descriptions can be + found at <ulink url="&lfs-root;/chapter06/shadow.html#contents-shadow"/>. + </para> </sect2> - </sect1> -- http://linuxfromscratch.org/mailman/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
