SHA256
1
0
forked from pool/shadow
shadow/shadow-util-linux.patch
Michael Vetter bba5d5413c - Update to 4.11.1:
* build: include lib/shadowlog_internal.h in dist tarballs

- Update to 4.11:
  * Handle possible TOCTTOU issues in usermod/userdel
  	- (CVE-2013-4235)
  	- Use O_NOFOLLOW when copying file
  	- Kill all user tasks in userdel
  * Fix useradd -D segfault
  * Clean up obsolete libc feature-check ifdefs
  * Fix -fno-common build breaks due to duplicate Prog declarations
  * Have single date_to_str definition
  * Fix libsubid SONAME version
  * Clarify licensing info, use SPDX.

- Update to 4.10:
  * From this release forward, su from this package should be
    considered deprecated. Please replace any users of it with su
	from util-linux
  * libsubid fixes
  * Rename the test program list_subid_ranges to getsubids, write
    a manpage, so distros can ship it.
  * Add libeconf dep for new*idmap
  * Allow all group types with usermod -G
  * Avoid useradd generating empty subid range
  * Handle NULL pw_passwd
  * Fix default value SHA_get_salt_rounds
  * Use https where possible in README
  * Update content and format of README
  * Translation updates

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=118
2022-01-03 12:19:45 +00:00

140 lines
3.9 KiB
Diff

Add variables referred by util-linux login, runuser and su, but not by
shadow.
Delete variables used by shadow implementation of login, su and runuser
that has no use in util-linux implementation.
Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -1,5 +1,7 @@
#
# /etc/login.defs - Configuration control definitions for the shadow package.
+# Some variables are used by login(1), su(1) and runuser(1) from util-linux
+# package as well pam pam_unix(8) from pam package.
#
# $Id$
#
@@ -17,9 +19,8 @@ FAIL_DELAY 3
LOG_UNKFAIL_ENAB no
#
-# Enable logging of successful logins
+# Enable "syslog" logging of newgrp(1) and sg(1) activity.
#
-LOG_OK_LOGINS no
#
# Limit the highest user ID number for which the lastlog entries should
@@ -31,10 +32,9 @@ LOG_OK_LOGINS no
#LASTLOG_UID_MAX
#
-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition
+# to sulog file logging.
#
-SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
#
@@ -58,6 +58,12 @@ MOTD_FILE /etc/motd
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
#
+# If set to "yes", login stops display content specified by MOTD_FILE after
+# the first accessible item in the list.
+#
+#MOTD_FIRSTONLY no
+
+#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format similar to "vt100 tty01".
#
@@ -72,12 +78,33 @@ MOTD_FILE /etc/motd
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
+# If this variable is set to "yes", hostname will be suppressed in the
+# login: prompt.
+#LOGIN_PLAIN_PROMPT no
+
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH PATH=/bin:/usr/bin
+#
+# ENV_PATH: The default PATH settings for non-root.
+#
+# ENV_ROOTPATH: The default PATH settings for root
+# (used by login, su and runuser).
+#
+# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
+# (and falback for login).
+#
+ENV_PATH /bin:/usr/bin
+ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
+#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
+
+# If this variable is set to "yes", su will always set path. every su
+# call will overwrite the PATH variable.
+#
+# Per default, only "su -" will set a new PATH.
+#
+ALWAYS_SET_PATH no
#
# Terminal permissions
@@ -93,19 +120,6 @@ ENV_PATH PATH=/bin:/usr/bin
TTYGROUP tty
TTYPERM 0600
-#
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
@@ -163,6 +177,12 @@ SUB_GID_COUNT 65536
LOGIN_RETRIES 5
#
+# Tell login to only re-prompt for the password if authentication
+# failed, but the username is valid. The default value is no.
+#
+LOGIN_KEEP_USERNAME no
+
+#
# Max time in seconds for login(1)
#
LOGIN_TIMEOUT 60
@@ -315,14 +335,6 @@ CHARACTER_CLASS [ABCDEFGHIJKLMNO
#GRANT_AUX_GROUP_SUBIDS yes
#
-# Prevents an empty password field to be interpreted as "no authentication
-# required".
-# Set to "yes" to prevent for all accounts
-# Set to "superuser" to prevent for UID 0 / root (default)
-# Set to "no" to not prevent for any account (dangerous, historical default)
-PREVENT_NO_AUTH superuser
-
-#
# Select the HMAC cryptography algorithm.
# Used in pam_timestamp module to calculate the keyed-hash message
# authentication code.