author | Scott Garman <scott.a.garman@intel.com> | 2011-05-11 20:04:33 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2011-06-06 15:58:41 +0100 |
commit | 133691ce920e7ff39dbebe80227e58a7aac9e3d1 (patch) | |
tree | 07d078ae285e62c273eefe9ea110ce14973cb991 | |
parent | 20ef3425b2788407ac53dff5403c6c10a58bab7f (diff) | |
download | poky-133691ce920e7ff39dbebe80227e58a7aac9e3d1.tar.gz |
base-passwd: populate the target sysroot with passwd/group/login.defs
The passwd, group, and login.defs files in the target sysroot will
be used when recipes create custom user and group permissions in
their packages.
(From OE-Core rev: 4450b73e57bcd73b8d09d8cd898a97bad04ae27b)
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/base-passwd/base-passwd-3.5.22/login.defs | 386 | ||||
-rw-r--r-- | meta/recipes-core/base-passwd/base-passwd_3.5.22.bb | 27 |
2 files changed, 411 insertions, 2 deletions
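--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd-3.5.22/login.defs
@@ -0,0 +1,386 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
+#
+# $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
+# pam_unix enforces a 2s delay)
+#
+FAIL_DELAY 3
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+#
+FAILLOG_ENAB yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable logging and display of /var/log/lastlog login time info.
+#
+LASTLOG_ENAB yes
+
+#
+# Enable checking and display of mailbox status upon login.
+#
+# Disable if the shell startup files already check for mail
+# ("mailx -e" or equivalent).
+#
+#MAIL_CHECK_ENAB yes
+
+#
+# Enable additional checks upon password changes.
+#
+OBSCURE_CHECKS_ENAB yes
+
+#
+# Enable checking of time restrictions specified in /etc/porttime.
+#
+PORTTIME_CHECKS_ENAB yes
+
+#
+# Enable setting of ulimit, umask, and niceness from passwd gecos field.
+#
+QUOTAS_ENAB yes
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE /etc/securetty
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE /var/log/sulog
+
+#
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login.
+#
+MOTD_FILE /etc/motd
+#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+#
+# If defined, this file will be output before each login prompt.
+#
+#ISSUE_FILE /etc/issue
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100 tty01".
+#
+#TTYTYPE_FILE /etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format.
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE /var/log/btmp
+
+#
+# If defined, name of file whose presence which will inhibit non-root
+# logins. The contents of this file should be a message indicating
+# why logins are inhibited.
+#
+NOLOGINS_FILE /etc/nologin
+
+#
+# If defined, the command name to display when running "su -". For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su". If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME su
+
+#
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, #MAIL_DIR takes precedence.
+#
+#MAIL_DIR /var/spool/mail
+MAIL_FILE .mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# If defined, either a TZ environment parameter spec or the
+# fully-rooted pathname of a file containing such a spec.
+#
+#ENV_TZ TZ=CST6CDT
+#ENV_TZ /etc/tzname
+
+#
+# If defined, an HZ environment parameter spec.
+#
+# for Linux/x86
+ENV_HZ HZ=100
+# For Linux/Alpha...
+#ENV_HZ HZ=1024
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ENV_PATH PATH=/bin:/usr/bin
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+TTYPERM 0600
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+# ULIMIT Default "ulimit" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# The ULIMIT is used only if the system supports it.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+#ULIMIT 2097152
+
+# Default initial "umask" value for non-PAM enabled systems.
+# UMASK is also used by useradd and newusers to set the mode of new home
+# directories.
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+UMASK 022
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_MIN_LEN Minimum acceptable password length.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_MIN_LEN 5
+PASS_WARN_AGE 7
+
+#
+# If "yes", the user must be listed as a member of the first gid 0 group
+# in /etc/group (called "root" on most Linux systems) to be able to "su"
+# to uid 0 accounts. If the group doesn't exist or is empty, no one
+# will be able to "su" to uid 0.
+#
+SU_WHEEL_ONLY no
+
+#
+# If compiled with cracklib support, where are the dictionaries
+#
+CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+SYS_UID_MIN 101
+SYS_UID_MAX 999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+SYS_GID_MIN 101
+SYS_GID_MAX 999
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES 5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Maximum number of attempts to change password if rejected (too easy)
+#
+PASS_CHANGE_TRIES 5
+
+#
+# Warn about weak passwords (but still allow them) if you are root.
+#
+PASS_ALWAYS_WARN yes
+
+#
+# Number of significant characters in the password for crypt().
+# Default is 8, don't change unless your crypt() is better.
+# Ignored if MD5_CRYPT_ENAB set to "yes".
+#
+#PASS_MAX_LEN 8
+
+#
+# Require password before chfn/chsh can make any changes.
+#
+CHFN_AUTH yes
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT rwh
+
+#
+# Password prompt (%s will be replaced by user name).
+#
+# XXX - it doesn't work correctly yet, for now leave it commented out
+# to use the default which is just "Password: ".
+#LOGIN_STRING "%s's Password: "
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm. Default is "no".
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB no
+
+#
+# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting). Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+#CONSOLE_GROUPS floppy:audio:cdrom
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# If this file exists and is readable, login environment will be
+# read from it. Every line should be in the form name=value.
+#
+ENVIRON_FILE /etc/environment
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+#
+# If set to a non-nul number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permit to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP 0
+
+#
+# If useradd should create home directories for users by default (non
+# system users only)
+# This option is overridden with the -M or -m flags on the useradd command
+# line.
+#
+CREATE_HOME yes
+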
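Review bot: `ENCRYPT_METHOD` is left commented out at new line 311 (`#ENCRYPT_METHOD DES`), and the file's own comment names DES as the default, so password hashes created under this configuration would presumably be DES-based unless PAM or a build-time default overrides it. Combined with `PASS_MIN_LEN 5` at line 204, that is a weak baseline for a file which the recipe also copies to the target's login.defs when none exists. Consider shipping `ENCRYPT_METHOD SHA512` and a larger `PASS_MIN_LEN`, provided the shadow build has ENCRYPTMETHOD_SELECT enabled as the comment requires. `UMASK 022` at line 192 deserves an explicit decision as well, since the comment says useradd applies it to new home directories.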
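--- a/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb
@@ -1,13 +1,14 @@
 SUMMARY = "Base system master password/group files."
 DESCRIPTION = "The master copies of the user database files (/etc/passwd and /etc/group). The update-passwd tool is also provided to keep the system databases synchronized with these master files."
 SECTION = "base"
-PR = "r1"
+PR = "r2"
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
 
 SRC_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/base-passwd_${PV}.tar.gz \
 file://nobash.patch \
-file://root-home.patch"
+file://root-home.patch \
+file://login.defs"
 
 SRC_URI[md5sum] = "47f22ab6b572d0133409ff6ad1fab402"
 SRC_URI[sha256sum] = "d34acb35a9f9f221e7e4f642b9ef4b22083dd77bb2fc7216756f445316d842fc"
@@ -16,6 +17,8 @@ S = "${WORKDIR}/base-passwd"
 
 inherit autotools
 
+SSTATEPOSTINSTFUNCS += "base_passwd_sstate_postinst"
+
 do_install () {
 install -d -m 755 ${D}${sbindir}
 install -p -m 755 update-passwd ${D}${sbindir}/
@@ -27,6 +30,7 @@ do_install () {
 install -d -m 755 ${D}${datadir}/base-passwd
 install -p -m 644 passwd.master ${D}${datadir}/base-passwd/
 install -p -m 644 group.master ${D}${datadir}/base-passwd/
+install -p -m 644 ${S}/../login.defs ${D}${datadir}/base-passwd/login.defs
 
 install -d -m 755 ${D}${docdir}/${PN}
 install -p -m 644 debian/changelog ${D}${docdir}/${PN}/
@@ -45,5 +49,24 @@ pkg_postinst_${PN} () {
 if [ ! -e $D${sysconfdir}/group ] ; then
 cp $D${datadir}/base-passwd/group.master $D${sysconfdir}/group
 fi
+
+if [ ! -e $D{sysconfdir}/login.defs ] ; then
+cp $D${datadir}/base-passwd/login.defs $D${sysconfdir}/login.defs
+fi
 exit 0
 }
+
+base_passwd_sstate_postinst() {
+if [ "${BB_CURRENTTASK}" = "populate_sysroot" -o "${BB_CURRENTTASK}" = "populate_sysroot_setscene" ]
+then
+# Staging does not copy ${sysconfdir} files into the
+# target sysroot, so we need to do so manually. We
+# put these files in the target sysroot so they can
+# be used by recipes which use custom user/group
+# permissions.
+install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
+install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/passwd.master ${STAGING_DIR_TARGET}${sysconfdir}/passwd
+install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/group.master ${STAGING_DIR_TARGET}${sysconfdir}/group
+install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/login.defs ${STAGING_DIR_TARGET}/${sysconfdir}/login.defs
+fi
+}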
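Review bot: The existence test added to pkg_postinst at new line 53 reads `$D{sysconfdir}/login.defs`, with no `$` before `{sysconfdir}`, so the variable is not expanded and the shell tests a literal path that cannot exist. The guard is therefore always true and the `cp` on the next line runs unconditionally, replacing any login.defs already present on the target instead of preserving it. It should read `if [ ! -e $D${sysconfdir}/login.defs ] ; then`, matching the group check just above it. A smaller point: the last install in base_passwd_sstate_postinst writes to `${STAGING_DIR_TARGET}/${sysconfdir}/login.defs` with an extra slash that the two preceding lines do not have. The body of pkg_postinst begins outside the hunk.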