2019-05-06 09:58:15 +02:00
|
|
|
Set login.defs defaults for SUSE Linux.
|
|
|
|
|
|
|
|
Index: etc/login.defs
|
|
|
|
===================================================================
|
|
|
|
--- etc/login.defs.orig
|
|
|
|
+++ etc/login.defs
|
|
|
|
@@ -3,6 +3,9 @@
|
|
|
|
# Some variables are used by login(1), su(1) and runuser(1) from util-linux
|
|
|
|
# package as well pam pam_unix(8) from pam package.
|
|
|
|
#
|
|
|
|
+# For more, see login.defs(5). Please note that SUSE supports only variables
|
|
|
|
+# listed here! Not listed variables from login.defs(5) have no effect.
|
|
|
|
+#
|
|
|
|
|
|
|
|
#
|
|
|
|
# Delay in seconds before being allowed another attempt after a login failure
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -38,8 +41,7 @@ CONSOLE /etc/securetty
|
|
|
|
# If defined, ":" delimited list of "message of the day" files to
|
|
|
|
# be displayed upon login.
|
|
|
|
#
|
|
|
|
-MOTD_FILE /etc/motd
|
|
|
|
-#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
|
|
|
|
+#MOTD_FILE /etc/motd:/usr/share/misc/motd
|
|
|
|
|
|
|
|
#
|
|
|
|
# If defined, file which maps tty line to TERM environment parameter.
|
|
|
|
@@ -53,8 +55,8 @@ MOTD_FILE /etc/motd
|
2019-05-06 09:58:15 +02:00
|
|
|
# user's name or shell are found in the file. If not a full pathname, then
|
|
|
|
# hushed mode will be enabled if the file exists in the user's home directory.
|
|
|
|
#
|
|
|
|
-HUSHLOGIN_FILE .hushlogin
|
|
|
|
-#HUSHLOGIN_FILE /etc/hushlogins
|
|
|
|
+#HUSHLOGIN_FILE .hushlogin
|
|
|
|
+HUSHLOGIN_FILE /etc/hushlogins
|
|
|
|
|
|
|
|
# If this variable is set to "yes", hostname will be suppressed in the
|
|
|
|
# login: prompt.
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -73,9 +75,9 @@ HUSHLOGIN_FILE .hushlogin
|
2019-05-06 09:58:15 +02:00
|
|
|
# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
|
|
|
|
# (and falback for login).
|
|
|
|
#
|
|
|
|
-ENV_PATH /bin:/usr/bin
|
|
|
|
-ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
|
|
|
|
-#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
|
|
|
|
+ENV_PATH /usr/local/bin:/bin:/usr/bin
|
|
|
|
+ENV_ROOTPATH /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
|
|
|
+#ENV_SUPATH /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
|
|
|
|
|
|
|
# If this variable is set to "yes" (default is "no"), su will always set
|
|
|
|
# path. every su call will overwrite the PATH variable.
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -99,7 +101,7 @@ ALWAYS_SET_PATH no
|
2019-05-06 09:58:15 +02:00
|
|
|
# set TTYPERM to either 622 or 600.
|
|
|
|
#
|
|
|
|
TTYGROUP tty
|
|
|
|
-TTYPERM 0600
|
|
|
|
+TTYPERM 0620
|
|
|
|
|
|
|
|
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
|
|
|
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -132,8 +134,8 @@ PASS_WARN_AGE 7
|
2019-05-06 09:58:15 +02:00
|
|
|
UID_MIN 1000
|
|
|
|
UID_MAX 60000
|
|
|
|
# System accounts
|
|
|
|
-SYS_UID_MIN 101
|
|
|
|
-SYS_UID_MAX 999
|
|
|
|
+SYS_UID_MIN 100
|
|
|
|
+SYS_UID_MAX 499
|
|
|
|
# Extra per user uids
|
|
|
|
SUB_UID_MIN 100000
|
|
|
|
SUB_UID_MAX 600100000
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -150,8 +152,8 @@ SUB_UID_COUNT 65536
|
2019-05-06 09:58:15 +02:00
|
|
|
GID_MIN 1000
|
|
|
|
GID_MAX 60000
|
|
|
|
# System accounts
|
|
|
|
-SYS_GID_MIN 101
|
|
|
|
-SYS_GID_MAX 999
|
|
|
|
+SYS_GID_MIN 100
|
|
|
|
+SYS_GID_MAX 499
|
|
|
|
# Extra per user group ids
|
|
|
|
SUB_GID_MIN 100000
|
|
|
|
SUB_GID_MAX 600100000
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -160,7 +162,7 @@ SUB_GID_COUNT 65536
|
2019-05-06 09:58:15 +02:00
|
|
|
#
|
|
|
|
# Max number of login(1) retries if password is bad
|
|
|
|
#
|
|
|
|
-LOGIN_RETRIES 5
|
|
|
|
+LOGIN_RETRIES 3
|
|
|
|
|
|
|
|
#
|
|
|
|
# Max time in seconds for login(1)
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -176,18 +178,9 @@ LOGIN_TIMEOUT 60
|
2019-05-06 09:58:15 +02:00
|
|
|
CHFN_RESTRICT rwh
|
|
|
|
|
|
|
|
#
|
|
|
|
-# If set to "yes", new passwords will be encrypted using the MD5-based
|
|
|
|
-# algorithm compatible with the one used by recent releases of FreeBSD.
|
|
|
|
-# It supports passwords of unlimited length and longer salt strings.
|
|
|
|
-# Set to "no" if you need to copy encrypted passwords to other systems
|
|
|
|
-# which don't understand the new algorithm. Default is "no".
|
|
|
|
-#
|
|
|
|
-# Note: If you use PAM, it is recommended to use a value consistent with
|
|
|
|
-# the PAM modules configuration.
|
|
|
|
-#
|
|
|
|
-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
|
|
|
|
+# This variable is deprecated. Use ENCRYPT_METHOD instead!
|
|
|
|
#
|
|
|
|
-#MD5_CRYPT_ENAB no
|
|
|
|
+#MD5_CRYPT_ENAB DO_NOT_USE
|
|
|
|
|
|
|
|
#
|
|
|
|
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -201,8 +194,8 @@ CHFN_RESTRICT rwh
|
2019-05-06 09:58:15 +02:00
|
|
|
# Note: If you use PAM, it is recommended to use a value consistent with
|
|
|
|
# the PAM modules configuration.
|
|
|
|
#
|
|
|
|
-#ENCRYPT_METHOD DES
|
|
|
|
-#ENCRYPT_METHOD_NIS DES
|
|
|
|
+ENCRYPT_METHOD SHA512
|
|
|
|
+ENCRYPT_METHOD_NIS DES
|
|
|
|
|
|
|
|
#
|
|
|
|
# Number of rounds for salt.
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -271,7 +264,7 @@ USERDEL_POSTCMD /usr/sbin/userde
|
2019-05-06 09:58:15 +02:00
|
|
|
#
|
|
|
|
# This also enables userdel(8) to remove user groups if no members exist.
|
|
|
|
#
|
|
|
|
-USERGROUPS_ENAB yes
|
|
|
|
+USERGROUPS_ENAB no
|
|
|
|
|
|
|
|
#
|
|
|
|
# If set to a non-zero number, the shadow utilities will make sure that
|
2019-05-28 15:04:19 +02:00
|
|
|
@@ -290,13 +283,13 @@ USERGROUPS_ENAB yes
|
2019-05-06 09:58:15 +02:00
|
|
|
# This option is overridden with the -M or -m flags on the useradd(8)
|
|
|
|
# command-line.
|
|
|
|
#
|
|
|
|
-#CREATE_HOME yes
|
|
|
|
+CREATE_HOME no
|
|
|
|
|
|
|
|
#
|
|
|
|
# Force use shadow, even if shadow passwd & shadow group files are
|
|
|
|
# missing.
|
|
|
|
#
|
|
|
|
-#FORCE_SHADOW yes
|
|
|
|
+FORCE_SHADOW no
|
|
|
|
|
|
|
|
#
|
|
|
|
# User/group names must match the following regex expression.
|