223 lines
5.7 KiB
Plaintext
223 lines
5.7 KiB
Plaintext
# Tanım: The Shadow package contains programs for handling passwords in a secure way.
|
||
# URL: http://shadow.pld.org.pl/
|
||
# Paketçi: milisarge
|
||
# Gerekler:
|
||
|
||
name=shadow
|
||
version=4.2.1
|
||
release=1
|
||
|
||
source=( http://pkg-shadow.alioth.debian.org/releases/shadow-$version.tar.xz)
|
||
|
||
build()
|
||
{
|
||
cd shadow-$version
|
||
|
||
sed -i 's/groups$(EXEEXT) //' src/Makefile.in
|
||
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
|
||
|
||
sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
|
||
-e 's@/var/spool/mail@/var/mail@' etc/login.defs
|
||
|
||
sed -i 's/1000/999/' etc/useradd
|
||
|
||
./configure --sysconfdir=/etc
|
||
make
|
||
make DESTDIR=$PKG install
|
||
sed -i 's/yes/no/' $PKG/etc/default/useradd
|
||
sed -i 's/GROUP/# GROUP/' $PKG/etc/default/useradd
|
||
mv -v $PKG/usr/bin/* $PKG/bin
|
||
mv -v $PKG/usr/sbin/* $PKG/sbin
|
||
#
|
||
# Following sed comment appropriate lines in etc/login.defs, and stop login
|
||
# from performing these functions. First backup the etc/login.defs
|
||
install -v -m644 $PKG/etc/login.defs{,.orig}
|
||
for FUNCTION in FAIL_DELAY FAILLOG_ENAB \
|
||
LASTLOG_ENAB \
|
||
MAIL_CHECK_ENAB \
|
||
OBSCURE_CHECKS_ENAB \
|
||
PORTTIME_CHECKS_ENAB \
|
||
QUOTAS_ENAB \
|
||
CONSOLE MOTD_FILE \
|
||
FTMP_FILE NOLOGINS_FILE \
|
||
ENV_HZ PASS_MIN_LEN \
|
||
SU_WHEEL_ONLY \
|
||
CRACKLIB_DICTPATH \
|
||
PASS_CHANGE_TRIES \
|
||
PASS_ALWAYS_WARN \
|
||
CHFN_AUTH ENCRYPT_METHOD \
|
||
ENVIRON_FILE
|
||
do
|
||
sed -i "s/^${FUNCTION}/# &/" $PKG/etc/login.defs
|
||
done
|
||
|
||
#
|
||
# Configuration files for pam
|
||
mkdir -p $PKG/etc/pam.d
|
||
cat > $PKG/etc/pam.d/system-account << "EOF"
|
||
# Begin /etc/pam.d/system-account
|
||
|
||
account required pam_unix.so
|
||
|
||
# End /etc/pam.d/system-account
|
||
EOF
|
||
|
||
cat > $PKG/etc/pam.d/system-auth << "EOF"
|
||
# Begin /etc/pam.d/system-auth
|
||
|
||
auth required pam_unix.so
|
||
|
||
# End /etc/pam.d/system-auth
|
||
EOF
|
||
|
||
cat > $PKG/etc/pam.d/system-password << "EOF"
|
||
# Begin /etc/pam.d/system-password
|
||
|
||
# use sha512 hash for encryption, use shadow, and try to use any previously
|
||
# defined authentication token (chosen password) set by any prior module
|
||
password required pam_pwhistory.so retry=3
|
||
password required pam_unix.so sha512 shadow try_first_pass
|
||
|
||
# End /etc/pam.d/system-password
|
||
EOF
|
||
|
||
cat > $PKG/etc/pam.d/system-session << "EOF"
|
||
# Begin /etc/pam.d/system-session
|
||
|
||
session required pam_unix.so
|
||
session optional pam_loginuid.so
|
||
session optional pam_ck_connector.so nox11
|
||
|
||
# End /etc/pam.d/system-session
|
||
EOF
|
||
|
||
cat > $PKG/etc/pam.d/login << "EOF"
|
||
# Begin /etc/pam.d/login
|
||
|
||
# Set failure delay before next prompt to 3 seconds
|
||
auth optional pam_faildelay.so delay=3000000
|
||
|
||
# Check to make sure that the user is allowed to login
|
||
auth requisite pam_nologin.so
|
||
|
||
# Check to make sure that root is allowed to login
|
||
# Disabled by default. You will need to create /etc/securetty
|
||
# file for this module to function. See man 5 securetty.
|
||
#auth required pam_securetty.so
|
||
|
||
# Additional group memberships - disabled by default
|
||
#auth optional pam_group.so
|
||
|
||
# include the default auth settings
|
||
auth include system-auth
|
||
|
||
# check access for the user
|
||
account required pam_access.so
|
||
|
||
# include the default account settings
|
||
account include system-account
|
||
|
||
# Set default environment variables for the user
|
||
session required pam_env.so
|
||
|
||
# Set resource limits for the user
|
||
session required pam_limits.so
|
||
|
||
# Display date of last login - Disabled by default
|
||
#session optional pam_lastlog.so
|
||
|
||
# Display the message of the day - Disabled by default
|
||
#session optional pam_motd.so
|
||
|
||
# Check user's mail - Disabled by default
|
||
#session optional pam_mail.so standard quiet
|
||
|
||
# include the default session and password settings
|
||
session include system-session
|
||
password include system-password
|
||
|
||
# End /etc/pam.d/login
|
||
EOF
|
||
|
||
cat > $PKG/etc/pam.d/passwd << "EOF"
|
||
# Begin /etc/pam.d/passwd
|
||
|
||
password include system-password
|
||
|
||
# End /etc/pam.d/passwd
|
||
EOF
|
||
|
||
cat > $PKG/etc/pam.d/su << "EOF"
|
||
# Begin /etc/pam.d/su
|
||
|
||
# always allow root
|
||
auth sufficient pam_rootok.so
|
||
auth include system-auth
|
||
|
||
# include the default account settings
|
||
account include system-account
|
||
|
||
# Set default environment variables for the service user
|
||
session required pam_env.so
|
||
|
||
# include system session defaults
|
||
session include system-session
|
||
|
||
# End /etc/pam.d/su
|
||
EOF
|
||
|
||
cat > $PKG/etc/pam.d/chage << "EOF"
|
||
#Begin /etc/pam.d/chage
|
||
|
||
# always allow root
|
||
auth sufficient pam_rootok.so
|
||
|
||
# include system defaults for auth account and session
|
||
auth include system-auth
|
||
account include system-account
|
||
session include system-session
|
||
|
||
# Always permit for authentication updates
|
||
password required pam_permit.so
|
||
|
||
# End /etc/pam.d/chage
|
||
EOF
|
||
|
||
for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \
|
||
groupmems groupmod newusers useradd userdel usermod
|
||
do
|
||
install -v -m644 $PKG/etc/pam.d/chage $PKG/etc/pam.d/${PROGRAM}
|
||
sed -i "s/chage/$PROGRAM/" $PKG/etc/pam.d/${PROGRAM}
|
||
done
|
||
|
||
# Backup others
|
||
[ -f $PKG/pam.d/other ] && install -v -m644 $PKG/etc/pam.d/other{,.orig}
|
||
|
||
# Other
|
||
#
|
||
cat > $PKG/etc/pam.d/other << "EOF"
|
||
# Begin /etc/pam.d/other
|
||
|
||
auth required pam_warn.so
|
||
auth required pam_deny.so
|
||
account required pam_warn.so
|
||
account required pam_deny.so
|
||
password required pam_warn.so
|
||
password required pam_deny.so
|
||
session required pam_warn.so
|
||
session required pam_deny.so
|
||
|
||
# End /etc/pam.d/other
|
||
EOF
|
||
|
||
# Replace the login and ressource limits file
|
||
if [ -f $PKG/etc/login.access ]; then
|
||
mv -v $PKG/etc/login.access{,.NOUSE}
|
||
fi
|
||
if [ -f $PKG/etc/limits ]; then
|
||
mv -v $PKG/etc/limits{,.NOUSE}
|
||
fi
|
||
rm $PKG/usr/share/man/man8/nologin.8
|
||
rm $PKG/sbin/nologin
|
||
}
|