shadowpwd.xml 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117
  1. <sect1 id="ch06-shadow">
  2. <title>Installing Shadow-&shadow-version;</title>
  3. <?dbhtml filename="shadow.html" dir="chapter06"?>
  4. <screen>Estimated build time: &shadow-time;
  5. Estimated required disk space: &shadow-compsize;</screen>
  6. &aa-shadowpwd-shortdesc;
  7. &aa-shadowpwd-dep;
  8. <sect2><title>&nbsp;</title><para>&nbsp;</para></sect2>
  9. <sect2>
  10. <title>Installation of Shadow</title>
  11. <para>The <userinput>login</userinput>, <userinput>getty</userinput> and
  12. <userinput>init</userinput> programs (and some others) maintain a number
  13. of logfiles to record who are and who were logged in to the system. These
  14. programs, however, don't create these logfiles when they don't exist, so if
  15. you want this logging to occur you will have to create the files yourself.
  16. The Shadow package needs to detect these files in their proper place, so we
  17. create them now, with their proper permissions:</para>
  18. <screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
  19. chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen>
  20. <para>The <filename>/var/run/utmp</filename> file lists the users that are
  21. currently logged in, the <filename>/var/log/wtmp</filename> file who
  22. <emphasis>were</emphasis> logged in and when.
  23. The <filename>/var/log/lastlog</filename> file shows for each user when he
  24. or she last logged in, and the <filename>/var/log/btmp</filename> lists the
  25. bad login attempts.</para>
  26. <para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary
  27. within the binary itself, but does this the wrong way. If a
  28. <userinput>passwd</userinput> binary is not present before installing Shadow,
  29. the package incorrectly assumes it is going to be located at
  30. <filename>/bin/passwd</filename>, but then installs it in
  31. <filename>/usr/bin/passwd</filename>. This will lead to errors about not finding
  32. <filename>/bin/passwd</filename>. To work around this bug, create a dummy
  33. <filename>passwd</filename> file, so that it gets hard-wired properly:</para>
  34. <screen><userinput>touch /usr/bin/passwd</userinput></screen>
  35. <para>The current Shadow suite has a problem that causes the
  36. <userinput>newgrp</userinput> command to fail. The following patch (also
  37. appearing in Shadow's CVS code) fixes this problem:</para>
  38. <screen><userinput>patch -Np1 -i ../&shadow-patch;</userinput></screen>
  39. <para>Now prepare Shadow for compilation:</para>
  40. <screen><userinput>./configure --prefix=/usr --libdir=/usr/lib --enable-shared</userinput></screen>
  41. <para>Compile the package:</para>
  42. <screen><userinput>make</userinput></screen>
  43. <para>And install it:</para>
  44. <screen><userinput>make install</userinput></screen>
  45. <para>Shadow uses two files to configure authentication settings for the
  46. system. Install these two config files:</para>
  47. <screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen>
  48. <para>We want to change the password method to enable MD5 passwords which are
  49. theoretically more secure than the default "crypt" method and also allow
  50. password lengths greater than 8 characters. We also need to change the old
  51. <filename class="directory">/var/spool/mail</filename> location for user
  52. mailboxes to the current location at
  53. <filename class="directory">/var/mail</filename>. We do this by changing the
  54. relevant configuration file while copying it to its destination:</para>
  55. <screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \
  56. &nbsp;&nbsp;&nbsp;&nbsp;-e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
  57. &nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen>
  58. <note><para>Be extra careful when typing all of the above. It is probably safer
  59. to cut-and-paste it rather than try and type it all in.</para></note>
  60. <para>According to the man page of <userinput>vipw</userinput>, a
  61. <userinput>vigr</userinput> program should exist too. Since the installation
  62. procedure doesn't create this program, create a symlink manually:</para>
  63. <screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen>
  64. <para>As the <filename>/bin/vipw</filename> symlink is redundant (and even
  65. pointing to a non-existent file), remove it:</para>
  66. <screen><userinput>rm /bin/vipw</userinput></screen>
  67. <para>Now move the <userinput>sg</userinput> program to its proper place:</para>
  68. <screen><userinput>mv /bin/sg /usr/bin</userinput></screen>
  69. <para>And move Shadow's dynamic libraries to a more appropriate location:</para>
  70. <screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen>
  71. <para>As some packages expect to find the just-moved libraries in
  72. <filename>/usr/lib</filename>, create the following symlinks:</para>
  73. <screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
  74. ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen>
  75. <para>Coreutils has already installed a <userinput>groups</userinput> program
  76. in <filename>/usr/bin</filename>. If you wish, you can remove the one
  77. installed by Shadow:</para>
  78. <screen><userinput>rm /bin/groups</userinput></screen>
  79. </sect2>
  80. &c6-cf-shadowpwd;
  81. </sect1>