shadow/shadow-login_defs-comments.patch

Improve comments in login.defs.

Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -3,8 +3,6 @@
 # Some variables are used by login(1), su(1) and runuser(1) from util-linux
 # package as well pam pam_unix(8) from pam package.
 #
-#	$Id$
-#
 
 #
 # Delay in seconds before being allowed another attempt after a login failure
@@ -23,15 +21,6 @@ LOG_UNKFAIL_ENAB	no
 #
 
 #
-# Limit the highest user ID number for which the lastlog entries should
-# be updated.
-#
-# No LASTLOG_UID_MAX means that there is no user ID limit for writing
-# lastlog entries.
-#
-#LASTLOG_UID_MAX
-
-#
 # Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition
 # to sulog file logging.
 #
@@ -46,6 +35,15 @@ CONSOLE		/etc/securetty
 #CONSOLE	console:tty01:tty02:tty03:tty04
 
 #
+# Limit the highest user ID number for which the lastlog entries should
+# be updated.
+#
+# No LASTLOG_UID_MAX means that there is no user ID limit for writing
+# lastlog entries.
+#
+#LASTLOG_UID_MAX
+
+#
 # If defined, all su(1) activity is logged to this file.
 #
 #SULOG_FILE	/var/log/sulog
@@ -99,11 +97,14 @@ ENV_PATH	/bin:/usr/bin
 ENV_ROOTPATH	/sbin:/bin:/usr/sbin:/usr/bin
 #ENV_SUPATH	/sbin:/bin:/usr/sbin:/usr/bin
 
-# If this variable is set to "yes", su will always set path. every su
-# call will overwrite the PATH variable.
+# If this variable is set to "yes" (default is "no"), su will always set
+# path. every su call will overwrite the PATH variable.
 #
 # Per default, only "su -" will set a new PATH.
 #
+# The recommended value is "yes". The default "no" behavior could have
+# a security implication in applications that use commands without path.
+#
 ALWAYS_SET_PATH	no
 
 #
@@ -148,6 +149,11 @@ PASS_WARN_AGE	7
 #
 # Min/max values for automatic uid selection in useradd(8)
 #
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
+# UIDs for dynamically allocated administrative and system accounts.
+# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
+# allocated user accounts.
+#
 UID_MIN			 1000
 UID_MAX			60000
 # System accounts
@@ -161,6 +167,11 @@ SUB_UID_COUNT		    65536
 #
 # Min/max values for automatic gid selection in groupadd(8)
 #
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
+# GIDs for dynamically allocated administrative and system groups.
+# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
+# allocated groups.
+#
 GID_MIN			 1000
 GID_MAX			60000
 # System accounts
@@ -190,7 +201,6 @@ LOGIN_TIMEOUT		60
 CHFN_RESTRICT		rwh
 
 #
-# Only works if compiled with MD5_CRYPT defined:
 # If set to "yes", new passwords will be encrypted using the MD5-based
 # algorithm compatible with the one used by recent releases of FreeBSD.
 # It supports passwords of unlimited length and longer salt strings.
@@ -205,7 +215,6 @@ CHFN_RESTRICT		rwh
 #MD5_CRYPT_ENAB	no
 
 #
-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
 # If set to MD5, MD5-based algorithm will be used for encrypting password
 # If set to SHA256, SHA256-based algorithm will be used for encrypting password
 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
Accepting request 700494 from home:sbrabec:branches:util-linux-2.33.1 - Split shadow-login_defs.patch hunks to its logical components (bsc#1121197): * shadow-login_defs-unused-by-pam.patch * shadow-login_defs-comments.patch * shadow-login_defs-util-linux.patch * shadow-login_defs-suse.patch * Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14). - Split getdef-new-defs.patch hunks to its logical components (bsc#1121197): * encryption_method_nis.patch * chkname-regex.patch * shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT. * useradd-script.patch, userdel-script.patch * Remove duplicated definitions of MOTD_FILE and ENV_PATH. - Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197). - Add virtual symbols for login.defs compatibility (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700494 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=63 2019-05-06 09:58:15 +02:00			`Improve comments in login.defs.`

			`Index: etc/login.defs`
			`===================================================================`
			`--- etc/login.defs.orig`
			`+++ etc/login.defs`
			`@@ -3,8 +3,6 @@`
			`# Some variables are used by login(1), su(1) and runuser(1) from util-linux`
			`# package as well pam pam_unix(8) from pam package.`
			`#`
			`-# $Id$`
			`-#`

			`#`
			`# Delay in seconds before being allowed another attempt after a login failure`
Accepting request 833343 from home:sbrabec:branches:util-linux-multibuild - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch). - shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX. - shadow-login_defs-check.sh: Update for new build system. - shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux. - Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch. OBS-URL: https://build.opensuse.org/request/show/833343 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=90 2020-09-15 09:22:16 +02:00			`@@ -23,15 +21,6 @@ LOG_UNKFAIL_ENAB no`
			`#`

			`#`
			`-# Limit the highest user ID number for which the lastlog entries should`
			`-# be updated.`
			`-#`
			`-# No LASTLOG_UID_MAX means that there is no user ID limit for writing`
			`-# lastlog entries.`
			`-#`
			`-#LASTLOG_UID_MAX`
			`-`
			`-#`
			`# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition`
			`# to sulog file logging.`
			`#`
			`@@ -46,6 +35,15 @@ CONSOLE /etc/securetty`
Accepting request 719010 from home:sbrabec:branches:util-linux-2.34 - Fix incorrect variable name in usermod (shadow-usermod-variable.patch). - shadow-login_defs-comments.patch: * Drop SHA_CRYPT__ROUNDS that are in the upstream login.defs. Add missing LASTLOG_UID_MAX. * Refresh shadow-login_defs-suse.patch. - Port shadow-login_defs-check.sh to match the current spec file and login.defs. OBS-URL: https://build.opensuse.org/request/show/719010 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=74 2019-07-29 07:36:59 +02:00			`#CONSOLE console:tty01:tty02:tty03:tty04`

			`#`
			`+# Limit the highest user ID number for which the lastlog entries should`
			`+# be updated.`
			`+#`
			`+# No LASTLOG_UID_MAX means that there is no user ID limit for writing`
			`+# lastlog entries.`
			`+#`
			`+#LASTLOG_UID_MAX`
			`+`
			`+#`
			`# If defined, all su(1) activity is logged to this file.`
			`#`
			`#SULOG_FILE /var/log/sulog`
Accepting request 833343 from home:sbrabec:branches:util-linux-multibuild - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch). - shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX. - shadow-login_defs-check.sh: Update for new build system. - shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux. - Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch. OBS-URL: https://build.opensuse.org/request/show/833343 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=90 2020-09-15 09:22:16 +02:00			`@@ -99,11 +97,14 @@ ENV_PATH /bin:/usr/bin`
Accepting request 700494 from home:sbrabec:branches:util-linux-2.33.1 - Split shadow-login_defs.patch hunks to its logical components (bsc#1121197): * shadow-login_defs-unused-by-pam.patch * shadow-login_defs-comments.patch * shadow-login_defs-util-linux.patch * shadow-login_defs-suse.patch * Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14). - Split getdef-new-defs.patch hunks to its logical components (bsc#1121197): * encryption_method_nis.patch * chkname-regex.patch * shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT. * useradd-script.patch, userdel-script.patch * Remove duplicated definitions of MOTD_FILE and ENV_PATH. - Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197). - Add virtual symbols for login.defs compatibility (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700494 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=63 2019-05-06 09:58:15 +02:00			`ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin`
			`#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin`

			`-# If this variable is set to "yes", su will always set path. every su`
			`-# call will overwrite the PATH variable.`
			`+# If this variable is set to "yes" (default is "no"), su will always set`
			`+# path. every su call will overwrite the PATH variable.`
			`#`
			`# Per default, only "su -" will set a new PATH.`
			`#`
			`+# The recommended value is "yes". The default "no" behavior could have`
			`+# a security implication in applications that use commands without path.`
			`+#`
			`ALWAYS_SET_PATH no`

			`#`
Accepting request 833343 from home:sbrabec:branches:util-linux-multibuild - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch). - shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX. - shadow-login_defs-check.sh: Update for new build system. - shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux. - Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch. OBS-URL: https://build.opensuse.org/request/show/833343 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=90 2020-09-15 09:22:16 +02:00			`@@ -148,6 +149,11 @@ PASS_WARN_AGE 7`
Accepting request 700494 from home:sbrabec:branches:util-linux-2.33.1 - Split shadow-login_defs.patch hunks to its logical components (bsc#1121197): * shadow-login_defs-unused-by-pam.patch * shadow-login_defs-comments.patch * shadow-login_defs-util-linux.patch * shadow-login_defs-suse.patch * Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14). - Split getdef-new-defs.patch hunks to its logical components (bsc#1121197): * encryption_method_nis.patch * chkname-regex.patch * shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT. * useradd-script.patch, userdel-script.patch * Remove duplicated definitions of MOTD_FILE and ENV_PATH. - Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197). - Add virtual symbols for login.defs compatibility (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700494 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=63 2019-05-06 09:58:15 +02:00			`#`
			`# Min/max values for automatic uid selection in useradd(8)`
			`#`
			`+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for`
			`+# UIDs for dynamically allocated administrative and system accounts.`
			`+# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically`
			`+# allocated user accounts.`
			`+#`
			`UID_MIN 1000`
			`UID_MAX 60000`
			`# System accounts`
Accepting request 833343 from home:sbrabec:branches:util-linux-multibuild - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch). - shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX. - shadow-login_defs-check.sh: Update for new build system. - shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux. - Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch. OBS-URL: https://build.opensuse.org/request/show/833343 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=90 2020-09-15 09:22:16 +02:00			`@@ -161,6 +167,11 @@ SUB_UID_COUNT 65536`
Accepting request 700494 from home:sbrabec:branches:util-linux-2.33.1 - Split shadow-login_defs.patch hunks to its logical components (bsc#1121197): * shadow-login_defs-unused-by-pam.patch * shadow-login_defs-comments.patch * shadow-login_defs-util-linux.patch * shadow-login_defs-suse.patch * Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14). - Split getdef-new-defs.patch hunks to its logical components (bsc#1121197): * encryption_method_nis.patch * chkname-regex.patch * shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT. * useradd-script.patch, userdel-script.patch * Remove duplicated definitions of MOTD_FILE and ENV_PATH. - Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197). - Add virtual symbols for login.defs compatibility (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700494 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=63 2019-05-06 09:58:15 +02:00			`#`
			`# Min/max values for automatic gid selection in groupadd(8)`
			`#`
			`+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for`
			`+# GIDs for dynamically allocated administrative and system groups.`
			`+# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically`
			`+# allocated groups.`
			`+#`
			`GID_MIN 1000`
			`GID_MAX 60000`
			`# System accounts`
Accepting request 833343 from home:sbrabec:branches:util-linux-multibuild - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch). - shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX. - shadow-login_defs-check.sh: Update for new build system. - shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux. - Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch. OBS-URL: https://build.opensuse.org/request/show/833343 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=90 2020-09-15 09:22:16 +02:00			`@@ -190,7 +201,6 @@ LOGIN_TIMEOUT 60`
Accepting request 700494 from home:sbrabec:branches:util-linux-2.33.1 - Split shadow-login_defs.patch hunks to its logical components (bsc#1121197): * shadow-login_defs-unused-by-pam.patch * shadow-login_defs-comments.patch * shadow-login_defs-util-linux.patch * shadow-login_defs-suse.patch * Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14). - Split getdef-new-defs.patch hunks to its logical components (bsc#1121197): * encryption_method_nis.patch * chkname-regex.patch * shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT. * useradd-script.patch, userdel-script.patch * Remove duplicated definitions of MOTD_FILE and ENV_PATH. - Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197). - Add virtual symbols for login.defs compatibility (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700494 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=63 2019-05-06 09:58:15 +02:00			`CHFN_RESTRICT rwh`

			`#`
			`-# Only works if compiled with MD5_CRYPT defined:`
			`# If set to "yes", new passwords will be encrypted using the MD5-based`
			`# algorithm compatible with the one used by recent releases of FreeBSD.`
			`# It supports passwords of unlimited length and longer salt strings.`
Accepting request 833343 from home:sbrabec:branches:util-linux-multibuild - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch). - shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX. - shadow-login_defs-check.sh: Update for new build system. - shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux. - Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch. OBS-URL: https://build.opensuse.org/request/show/833343 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=90 2020-09-15 09:22:16 +02:00			`@@ -205,7 +215,6 @@ CHFN_RESTRICT rwh`
Accepting request 700494 from home:sbrabec:branches:util-linux-2.33.1 - Split shadow-login_defs.patch hunks to its logical components (bsc#1121197): * shadow-login_defs-unused-by-pam.patch * shadow-login_defs-comments.patch * shadow-login_defs-util-linux.patch * shadow-login_defs-suse.patch * Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14). - Split getdef-new-defs.patch hunks to its logical components (bsc#1121197): * encryption_method_nis.patch * chkname-regex.patch * shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT. * useradd-script.patch, userdel-script.patch * Remove duplicated definitions of MOTD_FILE and ENV_PATH. - Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197). - Add virtual symbols for login.defs compatibility (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700494 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=63 2019-05-06 09:58:15 +02:00			`#MD5_CRYPT_ENAB no`

			`#`
			`-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:`
			`# If set to MD5, MD5-based algorithm will be used for encrypting password`
			`# If set to SHA256, SHA256-based algorithm will be used for encrypting password`
			`# If set to SHA512, SHA512-based algorithm will be used for encrypting password`