milis/talimatname/temel/shadow/talimat

# Description: The Shadow package contains programs for handling passwords in a secure way.
# URL: http://shadow.pld.org.pl/
# Maintainer: pkg-shadow-devel@lists.alioth.debian.org
# Packager: pierre at nutyx dot org
# Package metadata; build() below reads $version to locate the unpacked tree.
name=shadow
version=4.2.1
release=1
# NOTE(review): the tarball is fetched over plain http:// and this recipe shows
# no checksum or signature for it. For a package that handles passwords,
# confirm the download is integrity-checked elsewhere before it is built.
source=( http://pkg-shadow.alioth.debian.org/releases/shadow-$version.tar.xz)
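#######################################
# Build shadow-$version and stage it under $PKG, together with the
# login.defs edits and the PAM service files written below.
# Globals:   version (read), PKG (read; staging root, must be non-empty)
# Arguments: none
# Returns:   non-zero if PKG is unset/empty or if cd, configure or make fails
#######################################
build()
{
  # Every path below is prefixed with $PKG. If it were empty, the redirections
  # and rm calls would land in /etc/pam.d and /sbin of the build host itself.
  if [ -z "${PKG:-}" ]; then
    echo "build: PKG is not set" >&2
    return 1
  fi

  cd "shadow-$version" || return 1

  # Drop the groups program and its man page from the build.
  sed -i 's/groups$(EXEEXT) //' src/Makefile.in
  find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;

  # Switch the shipped login.defs from the commented-out DES default to
  # SHA512 and move the mail spool path. ENCRYPT_METHOD is commented out again
  # by the loop further down; pam.d/system-password then carries the sha512
  # choice via pam_unix.so.
  sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
    -e 's@/var/spool/mail@/var/mail@' etc/login.defs
  sed -i 's/1000/999/' etc/useradd

  # NOTE(review): PAM support is not requested explicitly (--with-libpam), so
  # it depends on what configure detects. Confirm the resulting binaries are
  # PAM-enabled; otherwise the pam.d files below are not what governs login.
  ./configure --sysconfdir=/etc || return 1
  make || return 1
  make DESTDIR="$PKG" install || return 1

  # First "yes" on each line becomes "no", and GROUP lines are commented out.
  sed -i 's/yes/no/' "$PKG/etc/default/useradd"
  sed -i 's/GROUP/# GROUP/' "$PKG/etc/default/useradd"

  mv -v "$PKG"/usr/bin/* "$PKG/bin"
  mv -v "$PKG"/usr/sbin/* "$PKG/sbin"

  #
  # Comment out the login.defs settings listed below so that login stops
  # performing these functions itself. Back up login.defs first.
  # NOTE(review): this disables PASS_MIN_LEN and OBSCURE_CHECKS_ENAB, and the
  # system-password stack below has no password-quality module (only
  # pam_pwhistory and pam_unix), so new-password strength is left to pam_unix.
  install -v -m644 "$PKG/etc/login.defs" "$PKG/etc/login.defs.orig"
  for FUNCTION in FAIL_DELAY FAILLOG_ENAB \
    LASTLOG_ENAB \
    MAIL_CHECK_ENAB \
    OBSCURE_CHECKS_ENAB \
    PORTTIME_CHECKS_ENAB \
    QUOTAS_ENAB \
    CONSOLE MOTD_FILE \
    FTMP_FILE NOLOGINS_FILE \
    ENV_HZ PASS_MIN_LEN \
    SU_WHEEL_ONLY \
    CRACKLIB_DICTPATH \
    PASS_CHANGE_TRIES \
    PASS_ALWAYS_WARN \
    CHFN_AUTH ENCRYPT_METHOD \
    ENVIRON_FILE
  do
    sed -i "s/^${FUNCTION}/# &/" "$PKG/etc/login.defs"
  done

  #
  # Configuration files for pam. The here-document delimiters are quoted, so
  # the file contents are written literally, without shell expansion.
  mkdir -p "$PKG/etc/pam.d"
  cat > "$PKG/etc/pam.d/system-account" << "EOF"
# Begin /etc/pam.d/system-account
account required pam_unix.so
# End /etc/pam.d/system-account
EOF
  cat > "$PKG/etc/pam.d/system-auth" << "EOF"
# Begin /etc/pam.d/system-auth
auth required pam_unix.so
# End /etc/pam.d/system-auth
EOF
  cat > "$PKG/etc/pam.d/system-password" << "EOF"
# Begin /etc/pam.d/system-password
# use sha512 hash for encryption, use shadow, and try to use any previously
# defined authentication token (chosen password) set by any prior module
password required pam_pwhistory.so retry=3
password required pam_unix.so sha512 shadow try_first_pass
# End /etc/pam.d/system-password
EOF
  cat > "$PKG/etc/pam.d/system-session" << "EOF"
# Begin /etc/pam.d/system-session
session required pam_unix.so
session optional pam_loginuid.so
session optional pam_ck_connector.so nox11
# End /etc/pam.d/system-session
EOF
  # The login stack ships with pam_securetty commented out, so root logins are
  # not restricted by terminal until an administrator enables it.
  cat > "$PKG/etc/pam.d/login" << "EOF"
# Begin /etc/pam.d/login
# Set failure delay before next prompt to 3 seconds
auth optional pam_faildelay.so delay=3000000
# Check to make sure that the user is allowed to login
auth requisite pam_nologin.so
# Check to make sure that root is allowed to login
# Disabled by default. You will need to create /etc/securetty
# file for this module to function. See man 5 securetty.
#auth required pam_securetty.so
# Additional group memberships - disabled by default
#auth optional pam_group.so
# include the default auth settings
auth include system-auth
# check access for the user
account required pam_access.so
# include the default account settings
account include system-account
# Set default environment variables for the user
session required pam_env.so
# Set resource limits for the user
session required pam_limits.so
# Display date of last login - Disabled by default
#session optional pam_lastlog.so
# Display the message of the day - Disabled by default
#session optional pam_motd.so
# Check user's mail - Disabled by default
#session optional pam_mail.so standard quiet
# include the default session and password settings
session include system-session
password include system-password
# End /etc/pam.d/login
EOF
  cat > "$PKG/etc/pam.d/passwd" << "EOF"
# Begin /etc/pam.d/passwd
password include system-password
# End /etc/pam.d/passwd
EOF
  cat > "$PKG/etc/pam.d/su" << "EOF"
# Begin /etc/pam.d/su
# always allow root
auth sufficient pam_rootok.so
auth include system-auth
# include the default account settings
account include system-account
# Set default environment variables for the service user
session required pam_env.so
# include system session defaults
session include system-session
# End /etc/pam.d/su
EOF
  cat > "$PKG/etc/pam.d/chage" << "EOF"
#Begin /etc/pam.d/chage
# always allow root
auth sufficient pam_rootok.so
# include system defaults for auth account and session
auth include system-auth
account include system-account
session include system-session
# Always permit for authentication updates
password required pam_permit.so
# End /etc/pam.d/chage
EOF

  # The account-management tools all reuse the chage policy: copy the file and
  # rewrite the first "chage" on each line to the tool's own name. Any
  # pam.d file that make install staged under the same name is overwritten.
  for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \
    groupmems groupmod newusers useradd userdel usermod
  do
    install -v -m644 "$PKG/etc/pam.d/chage" "$PKG/etc/pam.d/${PROGRAM}"
    sed -i "s/chage/$PROGRAM/" "$PKG/etc/pam.d/${PROGRAM}"
  done

  # Back up an existing "other" policy before replacing it. The test has to
  # look under etc/pam.d, the same directory the copy is made in; checking
  # $PKG/pam.d/other meant the backup was never taken.
  if [ -f "$PKG/etc/pam.d/other" ]; then
    install -v -m644 "$PKG/etc/pam.d/other" "$PKG/etc/pam.d/other.orig"
  fi

  # Fallback policy for services without their own pam.d file: log the
  # attempt (pam_warn) and refuse it (pam_deny) in all four PAM facilities.
  cat > "$PKG/etc/pam.d/other" << "EOF"
# Begin /etc/pam.d/other
auth required pam_warn.so
auth required pam_deny.so
account required pam_warn.so
account required pam_deny.so
password required pam_warn.so
password required pam_deny.so
session required pam_warn.so
session required pam_deny.so
# End /etc/pam.d/other
EOF

  # Set aside shadow's own login access and resource limits files; the login
  # stack above uses pam_access.so and pam_limits.so instead.
  if [ -f "$PKG/etc/login.access" ]; then
    mv -v "$PKG/etc/login.access" "$PKG/etc/login.access.NOUSE"
  fi
  if [ -f "$PKG/etc/limits" ]; then
    mv -v "$PKG/etc/limits" "$PKG/etc/limits.NOUSE"
  fi

  # nologin and its man page are removed from the staged tree
  # (presumably shipped by another package -- confirm).
  rm -- "$PKG/usr/share/man/man8/nologin.8"
  rm -- "$PKG/sbin/nologin"
}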