base-passwd: remove login.defs references

login.defs is owned by shadow-utils, and doesn't belong here. The shadow-sysroot recipe was created to handle the case this was originally added for (useradd.bbclass support). (From OE-Core rev: 3244e21b0d4bd7472330d058b97dc62ea79e0ef9) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Scott Garman <scott.a.garman@intel.com> 2011-06-20 17:21:16 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2011-06-28 13:55:41 +0100
commit: 1ac7d1cab89f32280db0f103dbfd02455fea5b92 (patch)
tree: d3b7e816633d256406360d7053a5c7f9259d5985 /meta
parent: c82a1b111dfb988a2a64a263ddd7fb482f67c80f (diff)
download: poky-1ac7d1cab89f32280db0f103dbfd02455fea5b92.tar.gz
2 files changed, 1 insertions, 394 deletions
diff --git a/meta/recipes-core/base-passwd/base-passwd-3.5.22/login.defs b/meta/recipes-core/base-passwd/base-passwd-3.5.22/login.defs
deleted file mode 100644
index 1d392acf2b..0000000000
--- a/meta/recipes-core/base-passwd/base-passwd-3.5.22/login.defs
+++ /dev/null
@@ -1,386 +0,0 @@
-#
-# /etc/login.defs - Configuration control definitions for the shadow package.
-#
-#       $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $
-#
-#
-# Delay in seconds before being allowed another attempt after a login failure
-# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
-#       pam_unix enforces a 2s delay)
-#
-FAIL_DELAY              3
-#
-# Enable logging and display of /var/log/faillog login failure info.
-#
-FAILLOG_ENAB            yes
-#
-# Enable display of unknown usernames when login failures are recorded.
-#
-LOG_UNKFAIL_ENAB        no
-#
-# Enable logging of successful logins
-#
-LOG_OK_LOGINS           no
-#
-# Enable logging and display of /var/log/lastlog login time info.
-#
-LASTLOG_ENAB            yes
-#
-# Enable checking and display of mailbox status upon login.
-#
-# Disable if the shell startup files already check for mail
-# ("mailx -e" or equivalent).
-#
-#MAIL_CHECK_ENAB                yes
-#
-# Enable additional checks upon password changes.
-#
-OBSCURE_CHECKS_ENAB     yes
-#
-# Enable checking of time restrictions specified in /etc/porttime.
-#
-PORTTIME_CHECKS_ENAB    yes
-#
-# Enable setting of ulimit, umask, and niceness from passwd gecos field.
-#
-QUOTAS_ENAB             yes
-#
-# Enable "syslog" logging of su activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp and sg.
-#
-SYSLOG_SU_ENAB          yes
-SYSLOG_SG_ENAB          yes
-#
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names.  Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE         /etc/securetty
-#CONSOLE        console:tty01:tty02:tty03:tty04
-#
-# If defined, all su activity is logged to this file.
-#
-#SULOG_FILE     /var/log/sulog
-#
-# If defined, ":" delimited list of "message of the day" files to
-# be displayed upon login.
-#
-MOTD_FILE       /etc/motd
-#MOTD_FILE      /etc/motd:/usr/lib/news/news-motd
-#
-# If defined, this file will be output before each login prompt.
-#
-#ISSUE_FILE     /etc/issue
-#
-# If defined, file which maps tty line to TERM environment parameter.
-# Each line of the file is in a format something like "vt100  tty01".
-#
-#TTYTYPE_FILE   /etc/ttytype
-#
-# If defined, login failures will be logged here in a utmp format.
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE       /var/log/btmp
-#
-# If defined, name of file whose presence which will inhibit non-root
-# logins.  The contents of this file should be a message indicating
-# why logins are inhibited.
-#
-NOLOGINS_FILE   /etc/nologin
-#
-# If defined, the command name to display when running "su -".  For
-# example, if this is defined as "su" then a "ps" will display the
-# command is "-su".  If not defined, then "ps" would display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME         su
-#
-# *REQUIRED*
-#   Directory where mailboxes reside, _or_ name of file, relative to the
-#   home directory.  If you _do_ define both, #MAIL_DIR takes precedence.
-#
-#MAIL_DIR       /var/spool/mail
-MAIL_FILE       .mail
-#
-# If defined, file which inhibits all the usual chatter during the login
-# sequence.  If a full pathname, then hushed mode will be enabled if the
-# user's name or shell are found in the file.  If not a full pathname, then
-# hushed mode will be enabled if the file exists in the user's home directory.
-#
-HUSHLOGIN_FILE  .hushlogin
-#HUSHLOGIN_FILE /etc/hushlogins
-#
-# If defined, either a TZ environment parameter spec or the
-# fully-rooted pathname of a file containing such a spec.
-#
-#ENV_TZ         TZ=CST6CDT
-#ENV_TZ         /etc/tzname
-#
-# If defined, an HZ environment parameter spec.
-#
-# for Linux/x86
-ENV_HZ          HZ=100
-# For Linux/Alpha...
-#ENV_HZ         HZ=1024
-#
-# *REQUIRED*  The default PATH settings, for superuser and normal users.
-#
-# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH      PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH        PATH=/bin:/usr/bin
-#
-# Terminal permissions
-#
-#       TTYGROUP        Login tty will be assigned this group ownership.
-#       TTYPERM         Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP        tty
-TTYPERM         0600
-#
-# Login configuration initializations:
-#
-#       ERASECHAR       Terminal ERASE character ('\010' = backspace).
-#       KILLCHAR        Terminal KILL character ('\025' = CTRL/U).
-#       ULIMIT          Default "ulimit" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR       0177
-KILLCHAR        025
-#ULIMIT         2097152
-# Default initial "umask" value for non-PAM enabled systems.
-# UMASK is also used by useradd and newusers to set the mode of new home
-# directories.
-# 022 is the default value, but 027, or even 077, could be considered
-# better for privacy. There is no One True Answer here: each sysadmin
-# must make up her mind.
-UMASK           022
-#
-# Password aging controls:
-#
-#       PASS_MAX_DAYS   Maximum number of days a password may be used.
-#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
-#       PASS_MIN_LEN    Minimum acceptable password length.
-#       PASS_WARN_AGE   Number of days warning given before a password expires.
-#
-PASS_MAX_DAYS   99999
-PASS_MIN_DAYS   0
-PASS_MIN_LEN    5
-PASS_WARN_AGE   7
-#
-# If "yes", the user must be listed as a member of the first gid 0 group
-# in /etc/group (called "root" on most Linux systems) to be able to "su"
-# to uid 0 accounts.  If the group doesn't exist or is empty, no one
-# will be able to "su" to uid 0.
-#
-SU_WHEEL_ONLY   no
-#
-# If compiled with cracklib support, where are the dictionaries
-#
-CRACKLIB_DICTPATH       /var/cache/cracklib/cracklib_dict
-#
-# Min/max values for automatic uid selection in useradd
-#
-UID_MIN                  1000
-UID_MAX                 60000
-# System accounts
-SYS_UID_MIN               101
-SYS_UID_MAX               999
-#
-# Min/max values for automatic gid selection in groupadd
-#
-GID_MIN                  1000
-GID_MAX                 60000
-# System accounts
-SYS_GID_MIN               101
-SYS_GID_MAX               999
-#
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES           5
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT           60
-#
-# Maximum number of attempts to change password if rejected (too easy)
-#
-PASS_CHANGE_TRIES       5
-#
-# Warn about weak passwords (but still allow them) if you are root.
-#
-PASS_ALWAYS_WARN        yes
-#
-# Number of significant characters in the password for crypt().
-# Default is 8, don't change unless your crypt() is better.
-# Ignored if MD5_CRYPT_ENAB set to "yes".
-#
-#PASS_MAX_LEN           8
-#
-# Require password before chfn/chsh can make any changes.
-#
-CHFN_AUTH               yes
-#
-# Which fields may be changed by regular users using chfn - use
-# any combination of letters "frwh" (full name, room number, work
-# phone, home phone).  If not defined, no changes are allowed.
-# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-# 
-CHFN_RESTRICT           rwh
-#
-# Password prompt (%s will be replaced by user name).
-#
-# XXX - it doesn't work correctly yet, for now leave it commented out
-# to use the default which is just "Password: ".
-#LOGIN_STRING           "%s's Password: "
-#
-# Only works if compiled with MD5_CRYPT defined:
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm.  Default is "no".
-#
-# Note: If you use PAM, it is recommended to use a value consistent with
-# the PAM modules configuration.
-#
-# This variable is deprecated. You should use ENCRYPT_METHOD.
-#
-#MD5_CRYPT_ENAB no
-#
-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
-# If set to MD5 , MD5-based algorithm will be used for encrypting password
-# If set to SHA256, SHA256-based algorithm will be used for encrypting password
-# If set to SHA512, SHA512-based algorithm will be used for encrypting password
-# If set to DES, DES-based algorithm will be used for encrypting password (default)
-# Overrides the MD5_CRYPT_ENAB option
-#
-# Note: If you use PAM, it is recommended to use a value consistent with
-# the PAM modules configuration.
-#
-#ENCRYPT_METHOD DES
-#
-# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
-#
-# Define the number of SHA rounds.
-# With a lot of rounds, it is more difficult to brute forcing the password.
-# But note also that it more CPU resources will be needed to authenticate
-# users.
-#
-# If not specified, the libc will choose the default number of rounds (5000).
-# The values must be inside the 1000-999999999 range.
-# If only one of the MIN or MAX values is set, then this value will be used.
-# If MIN > MAX, the highest value will be used.
-#
-# SHA_CRYPT_MIN_ROUNDS 5000
-# SHA_CRYPT_MAX_ROUNDS 5000
-#
-# List of groups to add to the user's supplementary group set
-# when logging in on the console (as determined by the CONSOLE
-# setting).  Default is none.
-#
-# Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in on the console.
-# How to do it is left as an exercise for the reader...
-#
-#CONSOLE_GROUPS         floppy:audio:cdrom
-#
-# Should login be allowed if we can't cd to the home directory?
-# Default in no.
-#
-DEFAULT_HOME    yes
-#
-# If this file exists and is readable, login environment will be
-# read from it.  Every line should be in the form name=value.
-#
-ENVIRON_FILE    /etc/environment
-#
-# If defined, this command is run when removing a user.
-# It should remove any at/cron/print jobs etc. owned by
-# the user to be removed (passed as the first argument).
-#
-#USERDEL_CMD    /usr/sbin/userdel_local
-#
-# Enable setting of the umask group bits to be the same as owner bits
-# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
-# the same as gid, and username is the same as the primary group name.
-#
-# This also enables userdel to remove user groups if no members exist.
-#
-USERGROUPS_ENAB yes
-#
-# If set to a non-nul number, the shadow utilities will make sure that
-# groups never have more than this number of users on one line.
-# This permit to support split groups (groups split into multiple lines,
-# with the same group ID, to avoid limitation of the line length in the
-# group file).
-#
-# 0 is the default value and disables this feature.
-#
-#MAX_MEMBERS_PER_GROUP  0
-#
-# If useradd should create home directories for users by default (non
-# system users only)
-# This option is overridden with the -M or -m flags on the useradd command
-# line.
-#
-CREATE_HOME     yes
diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb
index 7b1fdf17c2..a155b4102d 100644
--- a/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb
@@ -7,8 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
 SRC_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/base-passwd_${PV}.tar.gz \
           file://nobash.patch \
-           file://root-home.patch \
+           file://root-home.patch"
-           file://login.defs"
 SRC_URI[md5sum] = "47f22ab6b572d0133409ff6ad1fab402"
 SRC_URI[sha256sum] = "d34acb35a9f9f221e7e4f642b9ef4b22083dd77bb2fc7216756f445316d842fc"
@@ -30,7 +29,6 @@ do_install () {
        install -d -m 755 ${D}${datadir}/base-passwd
        install -o root -g root -p -m 644 passwd.master ${D}${datadir}/base-passwd/
        install -o root -g root -p -m 644 group.master ${D}${datadir}/base-passwd/
-        install -o root -g root -p -m 644 ${S}/../login.defs ${D}${datadir}/base-passwd/login.defs
        install -d -m 755 ${D}${docdir}/${PN}
        install -p -m 644 debian/changelog ${D}${docdir}/${PN}/
@@ -49,10 +47,6 @@ pkg_postinst_${PN} () {
        if [ ! -e $D${sysconfdir}/group ] ; then
                cp $D${datadir}/base-passwd/group.master $D${sysconfdir}/group
        fi
-        if [ ! -e $D{sysconfdir}/login.defs ] ; then
-                cp $D${datadir}/base-passwd/login.defs $D${sysconfdir}/login.defs
-        fi
        exit 0
 }
@@ -67,6 +61,5 @@ base_passwd_sstate_postinst() {
                install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
                install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/passwd.master ${STAGING_DIR_TARGET}${sysconfdir}/passwd
                install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/group.master ${STAGING_DIR_TARGET}${sysconfdir}/group
-                install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/login.defs ${STAGING_DIR_TARGET}/${sysconfdir}/login.defs
        fi
 }
author	Scott Garman <scott.a.garman@intel.com>	2011-06-20 17:21:16 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2011-06-28 13:55:41 +0100
commit	1ac7d1cab89f32280db0f103dbfd02455fea5b92 (patch)
tree	d3b7e816633d256406360d7053a5c7f9259d5985 /meta
parent	c82a1b111dfb988a2a64a263ddd7fb482f67c80f (diff)
download	poky-1ac7d1cab89f32280db0f103dbfd02455fea5b92.tar.gz

diff --git a/meta/recipes-core/base-passwd/base-passwd-3.5.22/login.defs b/meta/recipes-core/base-passwd/base-passwd-3.5.22/login.defs deleted file mode 100644 index 1d392acf2b..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd-3.5.22/login.defs +++ /dev/null
@@ -1,386 +0,0 @@
1	#
2	# /etc/login.defs - Configuration control definitions for the shadow package.
3	#
4	# $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $
5	#
6
7	#
8	# Delay in seconds before being allowed another attempt after a login failure
9	# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
10	# pam_unix enforces a 2s delay)
11	#
12	FAIL_DELAY 3
13
14	#
15	# Enable logging and display of /var/log/faillog login failure info.
16	#
17	FAILLOG_ENAB yes
18
19	#
20	# Enable display of unknown usernames when login failures are recorded.
21	#
22	LOG_UNKFAIL_ENAB no
23
24	#
25	# Enable logging of successful logins
26	#
27	LOG_OK_LOGINS no
28
29	#
30	# Enable logging and display of /var/log/lastlog login time info.
31	#
32	LASTLOG_ENAB yes
33
34	#
35	# Enable checking and display of mailbox status upon login.
36	#
37	# Disable if the shell startup files already check for mail
38	# ("mailx -e" or equivalent).
39	#
40	#MAIL_CHECK_ENAB yes
41
42	#
43	# Enable additional checks upon password changes.
44	#
45	OBSCURE_CHECKS_ENAB yes
46
47	#
48	# Enable checking of time restrictions specified in /etc/porttime.
49	#
50	PORTTIME_CHECKS_ENAB yes
51
52	#
53	# Enable setting of ulimit, umask, and niceness from passwd gecos field.
54	#
55	QUOTAS_ENAB yes
56
57	#
58	# Enable "syslog" logging of su activity - in addition to sulog file logging.
59	# SYSLOG_SG_ENAB does the same for newgrp and sg.
60	#
61	SYSLOG_SU_ENAB yes
62	SYSLOG_SG_ENAB yes
63
64	#
65	# If defined, either full pathname of a file containing device names or
66	# a ":" delimited list of device names. Root logins will be allowed only
67	# upon these devices.
68	#
69	CONSOLE /etc/securetty
70	#CONSOLE console:tty01:tty02:tty03:tty04
71
72	#
73	# If defined, all su activity is logged to this file.
74	#
75	#SULOG_FILE /var/log/sulog
76
77	#
78	# If defined, ":" delimited list of "message of the day" files to
79	# be displayed upon login.
80	#
81	MOTD_FILE /etc/motd
82	#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
83
84	#
85	# If defined, this file will be output before each login prompt.
86	#
87	#ISSUE_FILE /etc/issue
88
89	#
90	# If defined, file which maps tty line to TERM environment parameter.
91	# Each line of the file is in a format something like "vt100 tty01".
92	#
93	#TTYTYPE_FILE /etc/ttytype
94
95	#
96	# If defined, login failures will be logged here in a utmp format.
97	# last, when invoked as lastb, will read /var/log/btmp, so...
98	#
99	FTMP_FILE /var/log/btmp
100
101	#
102	# If defined, name of file whose presence which will inhibit non-root
103	# logins. The contents of this file should be a message indicating
104	# why logins are inhibited.
105	#
106	NOLOGINS_FILE /etc/nologin
107
108	#
109	# If defined, the command name to display when running "su -". For
110	# example, if this is defined as "su" then a "ps" will display the
111	# command is "-su". If not defined, then "ps" would display the
112	# name of the shell actually being run, e.g. something like "-sh".
113	#
114	SU_NAME su
115
116	#
117	# REQUIRED
118	# Directory where mailboxes reside, _or_ name of file, relative to the
119	# home directory. If you _do_ define both, #MAIL_DIR takes precedence.
120	#
121	#MAIL_DIR /var/spool/mail
122	MAIL_FILE .mail
123
124	#
125	# If defined, file which inhibits all the usual chatter during the login
126	# sequence. If a full pathname, then hushed mode will be enabled if the
127	# user's name or shell are found in the file. If not a full pathname, then
128	# hushed mode will be enabled if the file exists in the user's home directory.
129	#
130	HUSHLOGIN_FILE .hushlogin
131	#HUSHLOGIN_FILE /etc/hushlogins
132
133	#
134	# If defined, either a TZ environment parameter spec or the
135	# fully-rooted pathname of a file containing such a spec.
136	#
137	#ENV_TZ TZ=CST6CDT
138	#ENV_TZ /etc/tzname
139
140	#
141	# If defined, an HZ environment parameter spec.
142	#
143	# for Linux/x86
144	ENV_HZ HZ=100
145	# For Linux/Alpha...
146	#ENV_HZ HZ=1024
147
148	#
149	# REQUIRED The default PATH settings, for superuser and normal users.
150	#
151	# (they are minimal, add the rest in the shell startup files)
152	ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
153	ENV_PATH PATH=/bin:/usr/bin
154
155	#
156	# Terminal permissions
157	#
158	# TTYGROUP Login tty will be assigned this group ownership.
159	# TTYPERM Login tty will be set to this permission.
160	#
161	# If you have a "write" program which is "setgid" to a special group
162	# which owns the terminals, define TTYGROUP to the group number and
163	# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
164	# TTYPERM to either 622 or 600.
165	#
166	TTYGROUP tty
167	TTYPERM 0600
168
169	#
170	# Login configuration initializations:
171	#
172	# ERASECHAR Terminal ERASE character ('\010' = backspace).
173	# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
174	# ULIMIT Default "ulimit" value.
175	#
176	# The ERASECHAR and KILLCHAR are used only on System V machines.
177	# The ULIMIT is used only if the system supports it.
178	# (now it works with setrlimit too; ulimit is in 512-byte units)
179	#
180	# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
181	#
182	ERASECHAR 0177
183	KILLCHAR 025
184	#ULIMIT 2097152
185
186	# Default initial "umask" value for non-PAM enabled systems.
187	# UMASK is also used by useradd and newusers to set the mode of new home
188	# directories.
189	# 022 is the default value, but 027, or even 077, could be considered
190	# better for privacy. There is no One True Answer here: each sysadmin
191	# must make up her mind.
192	UMASK 022
193
194	#
195	# Password aging controls:
196	#
197	# PASS_MAX_DAYS Maximum number of days a password may be used.
198	# PASS_MIN_DAYS Minimum number of days allowed between password changes.
199	# PASS_MIN_LEN Minimum acceptable password length.
200	# PASS_WARN_AGE Number of days warning given before a password expires.
201	#
202	PASS_MAX_DAYS 99999
203	PASS_MIN_DAYS 0
204	PASS_MIN_LEN 5
205	PASS_WARN_AGE 7
206
207	#
208	# If "yes", the user must be listed as a member of the first gid 0 group
209	# in /etc/group (called "root" on most Linux systems) to be able to "su"
210	# to uid 0 accounts. If the group doesn't exist or is empty, no one
211	# will be able to "su" to uid 0.
212	#
213	SU_WHEEL_ONLY no
214
215	#
216	# If compiled with cracklib support, where are the dictionaries
217	#
218	CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
219
220	#
221	# Min/max values for automatic uid selection in useradd
222	#
223	UID_MIN 1000
224	UID_MAX 60000
225	# System accounts
226	SYS_UID_MIN 101
227	SYS_UID_MAX 999
228
229	#
230	# Min/max values for automatic gid selection in groupadd
231	#
232	GID_MIN 1000
233	GID_MAX 60000
234	# System accounts
235	SYS_GID_MIN 101
236	SYS_GID_MAX 999
237
238	#
239	# Max number of login retries if password is bad
240	#
241	LOGIN_RETRIES 5
242
243	#
244	# Max time in seconds for login
245	#
246	LOGIN_TIMEOUT 60
247
248	#
249	# Maximum number of attempts to change password if rejected (too easy)
250	#
251	PASS_CHANGE_TRIES 5
252
253	#
254	# Warn about weak passwords (but still allow them) if you are root.
255	#
256	PASS_ALWAYS_WARN yes
257
258	#
259	# Number of significant characters in the password for crypt().
260	# Default is 8, don't change unless your crypt() is better.
261	# Ignored if MD5_CRYPT_ENAB set to "yes".
262	#
263	#PASS_MAX_LEN 8
264
265	#
266	# Require password before chfn/chsh can make any changes.
267	#
268	CHFN_AUTH yes
269
270	#
271	# Which fields may be changed by regular users using chfn - use
272	# any combination of letters "frwh" (full name, room number, work
273	# phone, home phone). If not defined, no changes are allowed.
274	# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
275	#
276	CHFN_RESTRICT rwh
277
278	#
279	# Password prompt (%s will be replaced by user name).
280	#
281	# XXX - it doesn't work correctly yet, for now leave it commented out
282	# to use the default which is just "Password: ".
283	#LOGIN_STRING "%s's Password: "
284
285	#
286	# Only works if compiled with MD5_CRYPT defined:
287	# If set to "yes", new passwords will be encrypted using the MD5-based
288	# algorithm compatible with the one used by recent releases of FreeBSD.
289	# It supports passwords of unlimited length and longer salt strings.
290	# Set to "no" if you need to copy encrypted passwords to other systems
291	# which don't understand the new algorithm. Default is "no".
292	#
293	# Note: If you use PAM, it is recommended to use a value consistent with
294	# the PAM modules configuration.
295	#
296	# This variable is deprecated. You should use ENCRYPT_METHOD.
297	#
298	#MD5_CRYPT_ENAB no
299
300	#
301	# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
302	# If set to MD5 , MD5-based algorithm will be used for encrypting password
303	# If set to SHA256, SHA256-based algorithm will be used for encrypting password
304	# If set to SHA512, SHA512-based algorithm will be used for encrypting password
305	# If set to DES, DES-based algorithm will be used for encrypting password (default)
306	# Overrides the MD5_CRYPT_ENAB option
307	#
308	# Note: If you use PAM, it is recommended to use a value consistent with
309	# the PAM modules configuration.
310	#
311	#ENCRYPT_METHOD DES
312
313	#
314	# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
315	#
316	# Define the number of SHA rounds.
317	# With a lot of rounds, it is more difficult to brute forcing the password.
318	# But note also that it more CPU resources will be needed to authenticate
319	# users.
320	#
321	# If not specified, the libc will choose the default number of rounds (5000).
322	# The values must be inside the 1000-999999999 range.
323	# If only one of the MIN or MAX values is set, then this value will be used.
324	# If MIN > MAX, the highest value will be used.
325	#
326	# SHA_CRYPT_MIN_ROUNDS 5000
327	# SHA_CRYPT_MAX_ROUNDS 5000
328
329	#
330	# List of groups to add to the user's supplementary group set
331	# when logging in on the console (as determined by the CONSOLE
332	# setting). Default is none.
333	#
334	# Use with caution - it is possible for users to gain permanent
335	# access to these groups, even when not logged in on the console.
336	# How to do it is left as an exercise for the reader...
337	#
338	#CONSOLE_GROUPS floppy:audio:cdrom
339
340	#
341	# Should login be allowed if we can't cd to the home directory?
342	# Default in no.
343	#
344	DEFAULT_HOME yes
345
346	#
347	# If this file exists and is readable, login environment will be
348	# read from it. Every line should be in the form name=value.
349	#
350	ENVIRON_FILE /etc/environment
351
352	#
353	# If defined, this command is run when removing a user.
354	# It should remove any at/cron/print jobs etc. owned by
355	# the user to be removed (passed as the first argument).
356	#
357	#USERDEL_CMD /usr/sbin/userdel_local
358
359	#
360	# Enable setting of the umask group bits to be the same as owner bits
361	# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
362	# the same as gid, and username is the same as the primary group name.
363	#
364	# This also enables userdel to remove user groups if no members exist.
365	#
366	USERGROUPS_ENAB yes
367
368	#
369	# If set to a non-nul number, the shadow utilities will make sure that
370	# groups never have more than this number of users on one line.
371	# This permit to support split groups (groups split into multiple lines,
372	# with the same group ID, to avoid limitation of the line length in the
373	# group file).
374	#
375	# 0 is the default value and disables this feature.
376	#
377	#MAX_MEMBERS_PER_GROUP 0
378
379	#
380	# If useradd should create home directories for users by default (non
381	# system users only)
382	# This option is overridden with the -M or -m flags on the useradd command
383	# line.
384	#
385	CREATE_HOME yes
386


diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb index 7b1fdf17c2..a155b4102d 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.22.bb
@@ -7,8 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
7		7
8	SRC_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/base-passwd_${PV}.tar.gz \	8	SRC_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/base-passwd_${PV}.tar.gz \
9	file://nobash.patch \	9	file://nobash.patch \
10	file://root-home.patch \	10	file://root-home.patch"
11	file://login.defs"
12		11
13	SRC_URI[md5sum] = "47f22ab6b572d0133409ff6ad1fab402"	12	SRC_URI[md5sum] = "47f22ab6b572d0133409ff6ad1fab402"
14	SRC_URI[sha256sum] = "d34acb35a9f9f221e7e4f642b9ef4b22083dd77bb2fc7216756f445316d842fc"	13	SRC_URI[sha256sum] = "d34acb35a9f9f221e7e4f642b9ef4b22083dd77bb2fc7216756f445316d842fc"
@@ -30,7 +29,6 @@ do_install () {
30	install -d -m 755 ${D}${datadir}/base-passwd	29	install -d -m 755 ${D}${datadir}/base-passwd
31	install -o root -g root -p -m 644 passwd.master ${D}${datadir}/base-passwd/	30	install -o root -g root -p -m 644 passwd.master ${D}${datadir}/base-passwd/
32	install -o root -g root -p -m 644 group.master ${D}${datadir}/base-passwd/	31	install -o root -g root -p -m 644 group.master ${D}${datadir}/base-passwd/
33	install -o root -g root -p -m 644 ${S}/../login.defs ${D}${datadir}/base-passwd/login.defs
34		32
35	install -d -m 755 ${D}${docdir}/${PN}	33	install -d -m 755 ${D}${docdir}/${PN}
36	install -p -m 644 debian/changelog ${D}${docdir}/${PN}/	34	install -p -m 644 debian/changelog ${D}${docdir}/${PN}/
@@ -49,10 +47,6 @@ pkg_postinst_${PN} () {
49	if [ ! -e $D${sysconfdir}/group ] ; then	47	if [ ! -e $D${sysconfdir}/group ] ; then
50	cp $D${datadir}/base-passwd/group.master $D${sysconfdir}/group	48	cp $D${datadir}/base-passwd/group.master $D${sysconfdir}/group
51	fi	49	fi
52
53	if [ ! -e $D{sysconfdir}/login.defs ] ; then
54	cp $D${datadir}/base-passwd/login.defs $D${sysconfdir}/login.defs
55	fi
56	exit 0	50	exit 0
57	}	51	}
58		52
@@ -67,6 +61,5 @@ base_passwd_sstate_postinst() {
67	install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}	61	install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
68	install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/passwd.master ${STAGING_DIR_TARGET}${sysconfdir}/passwd	62	install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/passwd.master ${STAGING_DIR_TARGET}${sysconfdir}/passwd
69	install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/group.master ${STAGING_DIR_TARGET}${sysconfdir}/group	63	install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/group.master ${STAGING_DIR_TARGET}${sysconfdir}/group
70	install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/login.defs ${STAGING_DIR_TARGET}/${sysconfdir}/login.defs
71	fi	64	fi
72	}	65	}