milis/talimatname/temel/shadow/talimat

223 lines
5.7 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Tanım: The Shadow package contains programs for handling passwords in a secure way.
# URL: http://shadow.pld.org.pl/
# Paketçi: milisarge
# Gerekler:
name=shadow
version=4.2.1
release=1
source=( http://pkg-shadow.alioth.debian.org/releases/shadow-$version.tar.xz)
build()
{
cd shadow-$version
sed -i 's/groups$(EXEEXT) //' src/Makefile.in
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
-e 's@/var/spool/mail@/var/mail@' etc/login.defs
sed -i 's/1000/999/' etc/useradd
./configure --sysconfdir=/etc
make
make DESTDIR=$PKG install
sed -i 's/yes/no/' $PKG/etc/default/useradd
sed -i 's/GROUP/# GROUP/' $PKG/etc/default/useradd
mv -v $PKG/usr/bin/* $PKG/bin
mv -v $PKG/usr/sbin/* $PKG/sbin
#
# Following sed comment appropriate lines in etc/login.defs, and stop login
# from performing these functions. First backup the etc/login.defs
install -v -m644 $PKG/etc/login.defs{,.orig}
for FUNCTION in FAIL_DELAY FAILLOG_ENAB \
LASTLOG_ENAB \
MAIL_CHECK_ENAB \
OBSCURE_CHECKS_ENAB \
PORTTIME_CHECKS_ENAB \
QUOTAS_ENAB \
CONSOLE MOTD_FILE \
FTMP_FILE NOLOGINS_FILE \
ENV_HZ PASS_MIN_LEN \
SU_WHEEL_ONLY \
CRACKLIB_DICTPATH \
PASS_CHANGE_TRIES \
PASS_ALWAYS_WARN \
CHFN_AUTH ENCRYPT_METHOD \
ENVIRON_FILE
do
sed -i "s/^${FUNCTION}/# &/" $PKG/etc/login.defs
done
#
# Configuration files for pam
mkdir -p $PKG/etc/pam.d
cat > $PKG/etc/pam.d/system-account << "EOF"
# Begin /etc/pam.d/system-account
account required pam_unix.so
# End /etc/pam.d/system-account
EOF
cat > $PKG/etc/pam.d/system-auth << "EOF"
# Begin /etc/pam.d/system-auth
auth required pam_unix.so
# End /etc/pam.d/system-auth
EOF
cat > $PKG/etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password
# use sha512 hash for encryption, use shadow, and try to use any previously
# defined authentication token (chosen password) set by any prior module
password required pam_pwhistory.so retry=3
password required pam_unix.so sha512 shadow try_first_pass
# End /etc/pam.d/system-password
EOF
cat > $PKG/etc/pam.d/system-session << "EOF"
# Begin /etc/pam.d/system-session
session required pam_unix.so
session optional pam_loginuid.so
session optional pam_ck_connector.so nox11
# End /etc/pam.d/system-session
EOF
cat > $PKG/etc/pam.d/login << "EOF"
# Begin /etc/pam.d/login
# Set failure delay before next prompt to 3 seconds
auth optional pam_faildelay.so delay=3000000
# Check to make sure that the user is allowed to login
auth requisite pam_nologin.so
# Check to make sure that root is allowed to login
# Disabled by default. You will need to create /etc/securetty
# file for this module to function. See man 5 securetty.
#auth required pam_securetty.so
# Additional group memberships - disabled by default
#auth optional pam_group.so
# include the default auth settings
auth include system-auth
# check access for the user
account required pam_access.so
# include the default account settings
account include system-account
# Set default environment variables for the user
session required pam_env.so
# Set resource limits for the user
session required pam_limits.so
# Display date of last login - Disabled by default
#session optional pam_lastlog.so
# Display the message of the day - Disabled by default
#session optional pam_motd.so
# Check user's mail - Disabled by default
#session optional pam_mail.so standard quiet
# include the default session and password settings
session include system-session
password include system-password
# End /etc/pam.d/login
EOF
cat > $PKG/etc/pam.d/passwd << "EOF"
# Begin /etc/pam.d/passwd
password include system-password
# End /etc/pam.d/passwd
EOF
cat > $PKG/etc/pam.d/su << "EOF"
# Begin /etc/pam.d/su
# always allow root
auth sufficient pam_rootok.so
auth include system-auth
# include the default account settings
account include system-account
# Set default environment variables for the service user
session required pam_env.so
# include system session defaults
session include system-session
# End /etc/pam.d/su
EOF
cat > $PKG/etc/pam.d/chage << "EOF"
#Begin /etc/pam.d/chage
# always allow root
auth sufficient pam_rootok.so
# include system defaults for auth account and session
auth include system-auth
account include system-account
session include system-session
# Always permit for authentication updates
password required pam_permit.so
# End /etc/pam.d/chage
EOF
for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \
groupmems groupmod newusers useradd userdel usermod
do
install -v -m644 $PKG/etc/pam.d/chage $PKG/etc/pam.d/${PROGRAM}
sed -i "s/chage/$PROGRAM/" $PKG/etc/pam.d/${PROGRAM}
done
# Backup others
[ -f $PKG/pam.d/other ] && install -v -m644 $PKG/etc/pam.d/other{,.orig}
# Other
#
cat > $PKG/etc/pam.d/other << "EOF"
# Begin /etc/pam.d/other
auth required pam_warn.so
auth required pam_deny.so
account required pam_warn.so
account required pam_deny.so
password required pam_warn.so
password required pam_deny.so
session required pam_warn.so
session required pam_deny.so
# End /etc/pam.d/other
EOF
# Replace the login and ressource limits file
if [ -f $PKG/etc/login.access ]; then
mv -v $PKG/etc/login.access{,.NOUSE}
fi
if [ -f $PKG/etc/limits ]; then
mv -v $PKG/etc/limits{,.NOUSE}
fi
rm $PKG/usr/share/man/man8/nologin.8
rm $PKG/sbin/nologin
}