<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content= "application/xhtml+xml; charset=iso-8859-1" /> <title> 10.48. Shadow-4.0.15 </title> <link rel="stylesheet" href="../stylesheets/lfs.css" type="text/css" /> <meta name="generator" content="DocBook XSL Stylesheets V1.69.1" /> <link rel="stylesheet" href="../stylesheets/lfs-print.css" type= "text/css" media="print" /> </head> <body id="lfs" class="CLFS-SVN-20060417-MIPS"> <div class="navheader"> <div class="headertitles"> <h4> Cross-Compiled Linux From Scratch - Version CLFS-SVN-20060417-MIPS </h4> <h3> Chapter 10. Installing Basic System Software </h3> </div> <ul class="headerlinks"> <li class="prev"> <a accesskey="p" href="psmisc.html" title="Psmisc-22.2">Prev</a> <p> Psmisc-22.2 </p> </li> <li class="next"> <a accesskey="n" href="sysklogd.html" title= "Sysklogd-1.4.1">Next</a> <p> Sysklogd-1.4.1 </p> </li> <li class="up"> <a accesskey="u" href="chapter.html" title= "Chapter 10. Installing Basic System Software">Up</a>. </li> <li class="home"> <a accesskey="h" href="../index.html" title= "Cross-Compiled Linux From Scratch - Version CLFS-SVN-20060417-MIPS"> Home</a> </li> </ul> </div> <div class="wrap" lang="en" xml:lang="en"> <div class="titlepage"> <h1 class="sect1"> 10.48. Shadow-4.0.15 </h1> </div> <div class="package" lang="en" xml:lang="en"> <p> The Shadow package contains programs for handling passwords in a secure way. </p> <div class="segmentedlist"> <div class="seglistitem"> <div class="seg"> <strong><span class="segtitle">Installation depends on:</span></strong> <span class="seg">Bash, Binutils, Bison, Coreutils, Diffutils, GCC, Gettext, Glibc, Grep, Make, and Sed</span> </div> </div> </div> </div> <div class="installation" lang="en" xml:lang="en"> <div class="titlepage"> <h2 class="sect2"> 10.48.1. 
Installation of Shadow </h2> </div> <div class="note"> <div class="admonhead"> <img alt="[Note]" src="../images/note.png" /> <h3 class="admontitle"> Note </h3> </div> <div class="admonbody"> <p> If you would like to enforce the use of strong passwords, refer to <a href= "http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cracklib.html"> <i>http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cracklib.html</i></a> for installing Cracklib prior to building Shadow. Then add <em class="parameter"><tt>--with-libcrack</tt></em> to the <span><strong class="command">configure</strong></span> command below. </p> </div> </div> <p> Prepare Shadow for compilation: </p> <pre class="userinput"><kbd class="command">./configure --libdir=/lib --enable-shared \
    --without-libpam --without-audit --without-selinux</kbd></pre> <p> The meaning of the configure options: </p> <div class="variablelist"> <dl> <dt> <span class="term"><em class= "parameter"><tt>--without-libpam</tt></em></span> </dt> <dd> <p> Support for Linux-PAM is enabled by default in Shadow; however, PAM is not installed on a base LFS system, so this switch disables PAM support in Shadow. For instructions to install PAM and link Shadow to it, you can look at <a href= "http://www.linuxfromscratch.org/blfs/view/svn/postlfs/shadow.html"> <i>http://www.linuxfromscratch.org/blfs/view/svn/postlfs/shadow.html</i></a>. </p> </dd> <dt> <span class="term"><em class= "parameter"><tt>--without-audit</tt></em></span> </dt> <dd> <p> Support for auditing is enabled by default, but a library that it needs is not installed in a base LFS system. This switch disables auditing support. </p> </dd> <dt> <span class="term"><em class= "parameter"><tt>--without-selinux</tt></em></span> </dt> <dd> <p> Support for SELinux is enabled by default, but SELinux is not built in a base LFS system and configure will fail without this switch. 
</p> </dd> </dl> </div> <p> Disable the installation of the <span><strong class= "command">groups</strong></span> program and its man pages, as Coreutils provides a better version: </p> <pre class="userinput"><kbd class="command">sed -i 's/groups$(EXEEXT) //' src/Makefile
sed -i '/groups/d' man/Makefile</kbd></pre> <p> Compile the package: </p> <pre class="userinput"><kbd class="command">make</kbd></pre> <p> This package does not come with a test suite. </p> <p> Install the package: </p> <pre class="userinput"><kbd class="command">make install</kbd></pre> <p> <a id="shadow-limits-login_access" name= "shadow-limits-login_access"></a>Shadow uses two files to configure authentication settings for the system. Install these two configuration files: </p> <pre class="userinput"><kbd class="command">cp -v etc/{limits,login.access} /etc</kbd></pre> <p> <a id="shadow-login_defs" name="shadow-login_defs"></a>Instead of using the default <span class="emphasis"><em>crypt</em></span> method, use the more secure <span class= "emphasis"><em>MD5</em></span> method of password encryption, which also allows passwords longer than 8 characters. It is also necessary to change the obsolete <tt class= "filename">/var/spool/mail</tt> location for user mailboxes that Shadow uses by default to the <tt class="filename">/var/mail</tt> location used currently. 
Both of these can be accomplished by changing the relevant configuration file while copying it to its destination: </p> <div class="note"> <div class="admonhead"> <img alt="[Note]" src="../images/note.png" /> <h3 class="admontitle"> Note </h3> </div> <div class="admonbody"> <p> If you built Shadow with Cracklib support, insert the following into the <span><strong class="command">sed</strong></span> given below: </p> <pre class="screen"><tt class="literal">-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@'</tt></pre> </div> </div> <pre class="userinput"><kbd class="command">sed -e 's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \
    -e 's@/var/spool/mail@/var/mail@' \
    etc/login.defs > /etc/login.defs</kbd></pre> <p> Move a misplaced program to its proper location: </p> <pre class="userinput"><kbd class="command">mv -v /usr/bin/passwd /bin</kbd></pre> <p> Move Shadow's dynamic libraries to a more appropriate location: </p> <pre class="userinput"><kbd class="command">mv -v /lib/libshadow.*a /usr/lib
rm -v /lib/libshadow.so
ln -svf ../../lib/libshadow.so.0 /usr/lib/libshadow.so</kbd></pre> <p> The <tt class="option">-D</tt> option of the <span><strong class= "command">useradd</strong></span> program requires the <tt class= "filename">/etc/default</tt> directory for it to work properly: </p> <pre class="userinput"><kbd class="command">install -dv /etc/default</kbd></pre> </div> <div class="configuration" lang="en" xml:lang="en"> <div class="titlepage"> <a id="conf-shadow" name="conf-shadow"></a> <h2 class="sect2"> 10.48.2. Configuring Shadow </h2> </div> <p> This package contains utilities to add, modify, and delete users and groups; set and change their passwords; and perform other administrative tasks. For a full explanation of what <span class= "emphasis"><em>password shadowing</em></span> means, see the <tt class="filename">doc/HOWTO</tt> file within the unpacked source tree. 
If using Shadow support, keep in mind that programs which need to verify passwords (display managers, FTP programs, pop3 daemons, etc.) must be Shadow-compliant. That is, they need to be able to work with shadowed passwords. </p> <p> To enable shadowed passwords, run the following command: </p> <pre class="userinput"><kbd class="command">pwconv</kbd></pre> <p> To enable shadowed group passwords, run: </p> <pre class="userinput"><kbd class="command">grpconv</kbd></pre> <p> Under normal circumstances, passwords will not have been created yet. However, if returning to this section later to enable shadowing, reset any current user passwords with the <span><strong class="command">passwd</strong></span> command or any group passwords with the <span><strong class= "command">gpasswd</strong></span> command. </p> </div> <div class="configuration" lang="en" xml:lang="en"> <div class="titlepage"> <a id="root-password" name="root-password"></a> <h2 class="sect2"> 10.48.3. Setting the root password </h2> </div> <p> Choose a password for user <tt class="systemitem">root</tt> and set it by running: </p> <pre class="userinput"><kbd class="command">passwd root</kbd></pre> </div> <div class="content" lang="en" xml:lang="en"> <div class="titlepage"> <a id="contents-shadow" name="contents-shadow"></a> <h2 class="sect2"> 10.48.4. 
Contents of Shadow </h2> </div> <div class="segmentedlist"> <div class="seglistitem"> <div class="seg"> <strong><span class="segtitle">Installed programs:</span></strong> <span class="seg">chage, chfn, chpasswd, chsh, expiry, faillog, gpasswd, groupadd, groupdel, groupmod, grpck, grpconv, grpunconv, lastlog, login, logoutd, newgrp, newusers, passwd, pwck, pwconv, pwunconv, sg (link to newgrp), useradd, userdel, usermod, vigr (link to vipw), and vipw</span> </div> <div class="seg"> <strong><span class="segtitle">Installed libraries:</span></strong> <span class= "seg">libshadow.[a,so]</span> </div> </div> </div> <div class="variablelist"> <h3> <a id="id3686633" name="id3686633"></a>Short Descriptions </h3> <table border="0"> <col align="left" valign="top" /> <tbody> <tr> <td> <a id="chage" name="chage"></a><span class= "term"><span><strong class= "command">chage</strong></span></span> </td> <td> <p> Used to change the maximum number of days between obligatory password changes </p> </td> </tr> <tr> <td> <a id="chfn" name="chfn"></a><span class= "term"><span><strong class= "command">chfn</strong></span></span> </td> <td> <p> Used to change a user's full name and other information </p> </td> </tr> <tr> <td> <a id="chpasswd" name="chpasswd"></a><span class= "term"><span><strong class= "command">chpasswd</strong></span></span> </td> <td> <p> Used to update the passwords of an entire series of user accounts </p> </td> </tr> <tr> <td> <a id="chsh" name="chsh"></a><span class= "term"><span><strong class= "command">chsh</strong></span></span> </td> <td> <p> Used to change a user's default login shell