탐색 도움말
로그인
lfs
/
lfs-book
2
0
포크 0
파일 이슈 풀 리퀘스트 0 위키
트리: db7ac2fe79
브랜치 태그
lfs-book
/
chapter06
/
shadowpwd-inst.xml

shadowpwd-inst.xml 4.8 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. <sect2><title>&nbsp;</title><para>&nbsp;</para></sect2>
    2. 

  2. 

  3. <sect2>
    4. 

  4. <title>Installation of Shadow Password Suite</title>
    5. 

  5. 

  6. <para>Before you install this package, you may want to have a look at
    7. 

  7. the Shadow hint. It discusses how you can make your system more secure
    8. 

  8. regarding passwords, such as how to enable the more secure MD5 passwords
    9. 

  9. and how to get the most out of this Shadow package. The Shadow hint can
    10. 

  10. be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>
    11. 

  11. 

  12. <para>The <userinput>login</userinput>, <userinput>getty</userinput> and
    13. 

  13. <userinput>init</userinput> programs (and some others) maintain a number
    14. 

  14. of logfiles to record who are and who were logged in to the system.  These
    15. 

  15. programs, however, don't create these logfiles when they don't exist, so if
    16. 

  16. you want this logging to occur you will have to create the files yourself.
    17. 

  17. To let the Shadow package (that is installed next) detect these files in their
    18. 

  18. proper place, create them now, with their proper permissions:</para>
    19. 

  19. 

  20. <para>Create these files with their proper permissions by running the
    21. 

  21. following commands:</para>
    22. 

  22. 

  23. <para><screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
    24. 

  24. chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen></para>
    25. 

  25. 

  26. <para>The <filename>/var/run/utmp</filename> file lists the users that are
    27. 

  27. currently logged in, the <filename>/var/log/wtmp</filename> file who
    28. 

  28. <emphasis>were</emphasis> logged in and when.
    29. 

  29. The <filename>/var/log/lastlog</filename> file shows for each user when he
    30. 

  30. or she last logged in, and the <filename>/var/log/btmp</filename> lists the
    31. 

  31. bad login attempts.</para>
    32. 

  32. 

  33. <para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary
    34. 

  34. within the binary itself, but does this the wrong way. If before installing
    35. 

  35. Shadow no <userinput>passwd</userinput> binary is present , the package wrongly
    36. 

  36. assumes it is going to be located at <filename>/bin/passwd</filename>,
    37. 

  37. but then installs it in <filename>/usr/bin/passwd</filename>. This will lead
    38. 

  38. to weird errors about not finding <filename>/bin/passwd</filename>. To work
    39. 

  39. around this bug, create a dummy <filename>passwd</filename> file,
    40. 

  40. so that it gets hard-wired properly:</para>
    41. 

  41. 

  42. <para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para>
    43. 

  43. 

  44. <para>The current shadow suite has a problem in the newgrp command which causes
    45. 

  45. it to fail.  The following patch (also appearing in Shadow's CVS code) fixes
    46. 

  46. this problem.</para>
    47. 

  47. 

  48. <para><screen><userinput>patch -Np1 -i ../shadow-&shadow-patch-version;.patch
    49. 

  49. </userinput></screen></para>
    50. 

  50. 

  51. <para>Now prepare Shadow for compilation:</para>
    52. 

  52. 

  53. <para><screen><userinput>./configure --prefix=/usr --libdir=/usr/lib --enable-shared</userinput></screen></para>
    54. 

  54. 

  55. <para>Compile the package:</para>
    56. 

  56. 

  57. <para><screen><userinput>make</userinput></screen></para>
    58. 

  58. 

  59. <para>And install it:</para>
    60. 

  60. 

  61. <para><screen><userinput>make install</userinput></screen></para>
    62. 

  62. 

  63. <para>Shadow uses two files to configure authentication settings for the
    64. 

  64. system. Install these two config files:</para>
    65. 

  65. 

  66. <para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>
    67. 

  67. 

  68. <para>In the old days <filename class="directory">/var/spool/mail</filename>
    69. 

  69. was the location for the user mailboxes, but nowadays <filename
    70. 

  70. class="directory">/var/mail</filename> is used. Change the default mailbox
    71. 

  71. location in the relevant configuration file while copying it to its
    72. 

  72. destination:</para>
    73. 

  73. 

  74. <para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
    75. 

  75. &nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen></para>
    76. 

  76. 

  77. <para>According to the man page of <userinput>vipw</userinput>, a
    78. 

  78. <userinput>vigr</userinput> program should exist too. Since the installation
    79. 

  79. procedure doesn't create this program, create a symlink manually:</para>
    80. 

  80. 

  81. <para><screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen></para>
    82. 

  82. 

  83. <para>As the <filename>/bin/vipw</filename> symlink is redundant (and even
    84. 

  84. pointing to a non-existent file), remove it:</para>
    85. 

  85. 

  86. <para><screen><userinput>rm /bin/vipw</userinput></screen></para>
    87. 

  87. 

  88. <para>Now move the <userinput>sg</userinput> program to its proper place:</para>
    89. 

  89. 

  90. <para><screen><userinput>mv /bin/sg /usr/bin</userinput></screen></para>
    91. 

  91. 

  92. <para>And move Shadow's dynamic libraries to a more appropriate location:</para>
    93. 

  93. 

  94. <para><screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen></para>
    95. 

  95. 

  96. <para>As some packages expect to find the just-moved libraries in
    97. 

  97. <filename>/usr/lib</filename>, create the following symlinks:</para>
    98. 

  98. 

  99. <para><screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
    100. 

  100. ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen></para>
    101. 

  101. 

  102. <para>Coreutils has already installed a <userinput>groups</userinput> program
    103. 

  103. in <filename>/usr/bin</filename>. If you wish, you can remove the one
    104. 

  104. installed by Shadow:</para>
    105. 

  105. 

  106. <para><screen><userinput>rm /bin/groups</userinput></screen></para>
    107. 

  107. 

  108. </sect2>
    109. 

  109.