Domů Procházet Nápověda
Přihlásit se
lfs
/
lfs-book
2
0
Rozštěpit 0
Soubory Úkoly Pull Requesty 0 Wiki
Strom: 1f304328b4
Větve Značky
lfs-book
/
chapter06
/
shadowpwd-inst.xml

shadowpwd-inst.xml 4.0 KB
Historie Surový

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. <sect2><title>&nbsp;</title><para>&nbsp;</para></sect2>
    2. 

  2. 

  3. <sect2>
    4. 

  4. <title>Installation of Shadow Password Suite</title>
    5. 

  5. 

  6. <para>Before you install this package, you may want to have a look at
    7. 

  7. the Shadow hint. It discusses how you can make your system more secure
    8. 

  8. regarding passwords, such as how to enable the more secure MD5 passwords
    9. 

  9. and how to get the most out of this Shadow package. The Shadow hint can
    10. 

  10. be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>
    11. 

  11. 

  12. <para>Programs like login, shutdown, uptime, and others want to read
    13. 

  13. from and to the /var/run/utmp, /var/log/btmp and /var/log/wtmp. These
    14. 

  14. files contain information about who is currently logged in. They also
    15. 

  15. contain information about when the conmputer was last booted and
    16. 

  16. shutdown and a record of bas login attempts.</para>
    17. 

  17. 

  18. <para>Create these files with their proper permissions by running the
    19. 

  19. following commands:</para>
    20. 

  20. 

  21. <para><screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
    22. 

  22. chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen></para>
    23. 

  23. 

  24. <para>Shadow hard-codes the path to the passwd binary within itself, but
    25. 

  25. it does it the wrong way. If no passwd binary is present before
    26. 

  26. installing Shadow, it (wrongly) assumes that it will be at /bin/passwd,
    27. 

  27. but then installs its own in /usr/bin/passwd. This will lead to strange
    28. 

  28. errors about not finding /bin/passwd. To fix workaround this bug in
    29. 

  29. Shadow, we'll create a dummy passwd file so that it gets hardcoded in
    30. 

  30. the right place:</para>
    31. 

  31. 

  32. <para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para>
    33. 

  33. 

  34. <para>Prepare Shadow to be compiled:</para>
    35. 

  35. 

  36. <para><screen><userinput>./configure --prefix=/usr --libdir=/usr/lib \
    37. 

  37. &nbsp;&nbsp;&nbsp;&nbsp;--enable-shared</userinput></screen></para>
    38. 

  38. 

  39. <para>Continue with compiling the package:</para>
    40. 

  40. 

  41. <para><screen><userinput>make</userinput></screen></para>
    42. 

  42. 

  43. <para>Install the package:</para>
    44. 

  44. 

  45. <para><screen><userinput>make install</userinput></screen></para>
    46. 

  46. 

  47. <para>Shadow uses two files to configure authentication settings for
    48. 

  48. the system. Install those config files:</para>
    49. 

  49. 

  50. <para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>
    51. 

  51. 

  52. <para><filename class="directory">/var/spool/mail</filename> is the
    53. 

  53. old location of the user mailboxes. The location that is used nowadays
    54. 

  54. is /var/mail. Issue the following command to modify the mailbox
    55. 

  55. location:</para>
    56. 

  56. 

  57. <para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
    58. 

  58. &nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen></para>
    59. 

  59. 

  60. <para>According to the manpage of <userinput>vipw</userinput>,
    61. 

  61. a <userinput>vigr</userinput> symlink should exist. Because the
    62. 

  62. shadow installation procedure doesn't create this symlink, it
    63. 

  63. must be created manually:</para>
    64. 

  64. 

  65. <para><screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen></para>
    66. 

  66. 

  67. <para>The <filename>vipw</filename> link is currently pointing
    68. 

  68. to a non-existing file. Since this file isn't needed here, remove
    69. 

  69. it:</para>
    70. 

  70. 

  71. <para><screen><userinput>rm /bin/vipw</userinput></screen></para>
    72. 

  72. 

  73. <para>Move the <userinput>sg</userinput> program to the
    74. 

  74. <filename class="directory">/usr/bin</filename> directory:</para>
    75. 

  75. 

  76. <para><screen><userinput>mv /bin/sg /usr/bin</userinput></screen></para>
    77. 

  77. 

  78. <para>Move Shadow's dynamic libraries to a more appropriate location:</para>
    79. 

  79. 

  80. <para><screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen></para>
    81. 

  81. 

  82. <para>The libraries have been moved, but some packages expect to
    83. 

  83. find them in them in the
    84. 

  84. <filename class="directory">/usr/lib</filename> directory. To account
    85. 

  85. for this, create the following symlinks:</para>
    86. 

  86. 

  87. <para><screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
    88. 

  88. ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen></para>
    89. 

  89. 

  90. <para>Sh-utils and Shadow Password Suite each install a unique
    91. 

  91. <filename>groups</filename> program. If you wish, you may remove the
    92. 

  92. <filename>groups</filename> program installed by the Shadow Password
    93. 

  93. Suite:</para>
    94. 

  94. 

  95. <para><screen><userinput>rm /bin/groups</userinput></screen></para>
    96. 

  96. 

  97. </sect2>
    98.