neatened text of chapter 6 util-linux and shadow

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2678 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
This commit is contained in:
Alex Gronenwoud 2003-08-25 21:42:04 +00:00
parent 1f304328b4
commit 8a0d0eb26a
2 changed files with 60 additions and 49 deletions

View File

@ -9,11 +9,13 @@ regarding passwords, such as how to enable the more secure MD5 passwords
and how to get the most out of this Shadow package. The Shadow hint can and how to get the most out of this Shadow package. The Shadow hint can
be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para> be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>
<para>Programs like login, shutdown, uptime, and others want to read <para>The <userinput>login</userinput>, <userinput>getty</userinput> and
from and to the /var/run/utmp, /var/log/btmp and /var/log/wtmp. These <userinput>init</userinput> programs (and some others) maintain a number
files contain information about who is currently logged in. They also of logfiles to record who are and who were logged in to the system. These
contain information about when the conmputer was last booted and programs, however, don't create these logfiles when they don't exist, so if
shutdown and a record of bas login attempts.</para> you want this logging to occur you will have to create the files yourself.
To let the Shadow package (that is installed next) detect these files in their
proper place, create them now, with their proper permissions:</para>
<para>Create these files with their proper permissions by running the <para>Create these files with their proper permissions by running the
following commands:</para> following commands:</para>
@ -21,77 +23,80 @@ following commands:</para>
<para><screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp} <para><screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen></para> chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen></para>
<para>Shadow hard-codes the path to the passwd binary within itself, but <para>The <filename>/var/run/utmp</filename> file lists the users that are
it does it the wrong way. If no passwd binary is present before currently logged in, the <filename>/var/log/wtmp</filename> file who
installing Shadow, it (wrongly) assumes that it will be at /bin/passwd, <emphasis>were</emphasis> logged in and when.
but then installs its own in /usr/bin/passwd. This will lead to strange The <filename>/var/log/lastlog</filename> file shows for each user when he
errors about not finding /bin/passwd. To fix workaround this bug in or she last logged in, and the <filename>/var/log/btmp</filename> lists the
Shadow, we'll create a dummy passwd file so that it gets hardcoded in bad login attempts.</para>
the right place:</para>
<para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary
within the binary itself, but does this the wrong way. If before installing
Shadow no <userinput>passwd</userinput> binary is present , the package wrongly
assumes it is going to be located at <filename>/bin/passwd</filename>,
but then installs it in <filename>/usr/bin/passwd</filename>. This will lead
to weird errors about not finding <filename>/bin/passwd</filename>. To work
around this bug, create a dummy <filename>passwd</filename> file,
so that it gets hard-wired properly:</para>
<para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para> <para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para>
<para>Prepare Shadow to be compiled:</para> <para>Now prepare Shadow for compilation:</para>
<para><screen><userinput>./configure --prefix=/usr --libdir=/usr/lib \ <para><screen><userinput>./configure --prefix=/usr --libdir=/usr/lib --enable-shared</userinput></screen></para>
&nbsp;&nbsp;&nbsp;&nbsp;--enable-shared</userinput></screen></para>
<para>Continue with compiling the package:</para> <para>Compile the package:</para>
<para><screen><userinput>make</userinput></screen></para> <para><screen><userinput>make</userinput></screen></para>
<para>Install the package:</para> <para>And install it:</para>
<para><screen><userinput>make install</userinput></screen></para> <para><screen><userinput>make install</userinput></screen></para>
<para>Shadow uses two files to configure authentication settings for <para>Shadow uses two files to configure authentication settings for the
the system. Install those config files:</para> system. Install these two config files:</para>
<para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para> <para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>
<para><filename class="directory">/var/spool/mail</filename> is the <para>In the old days <filename class="directory">/var/spool/mail</filename>
old location of the user mailboxes. The location that is used nowadays was the location for the user mailboxes, but nowadays <filename
is /var/mail. Issue the following command to modify the mailbox class="directory">/var/mail</filename> is used. Change the default mailbox
location:</para> location in the relevant configuration file while copying it to its
destination:</para>
<para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \ <para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
&nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen></para> &nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen></para>
<para>According to the manpage of <userinput>vipw</userinput>, <para>According to the man page of <userinput>vipw</userinput>, a
a <userinput>vigr</userinput> symlink should exist. Because the <userinput>vigr</userinput> program should exist too. Since the installation
shadow installation procedure doesn't create this symlink, it procedure doesn't create this program, create a symlink manually:</para>
must be created manually:</para>
<para><screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen></para> <para><screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen></para>
<para>The <filename>vipw</filename> link is currently pointing <para>As the <filename>/bin/vipw</filename> symlink is redundant (and even
to a non-existing file. Since this file isn't needed here, remove pointing to a non-existent file), remove it:</para>
it:</para>
<para><screen><userinput>rm /bin/vipw</userinput></screen></para> <para><screen><userinput>rm /bin/vipw</userinput></screen></para>
<para>Move the <userinput>sg</userinput> program to the <para>Now move the <userinput>sg</userinput> program to its proper place:</para>
<filename class="directory">/usr/bin</filename> directory:</para>
<para><screen><userinput>mv /bin/sg /usr/bin</userinput></screen></para> <para><screen><userinput>mv /bin/sg /usr/bin</userinput></screen></para>
<para>Move Shadow's dynamic libraries to a more appropriate location:</para> <para>And move Shadow's dynamic libraries to a more appropriate location:</para>
<para><screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen></para> <para><screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen></para>
<para>The libraries have been moved, but some packages expect to <para>As some packages expect to find the just-moved libraries in
find them in them in the <filename>/usr/lib</filename>, create the following symlinks:</para>
<filename class="directory">/usr/lib</filename> directory. To account
for this, create the following symlinks:</para>
<para><screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so <para><screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen></para> ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen></para>
<para>Sh-utils and Shadow Password Suite each install a unique <para>Coreutils has already installed a <userinput>groups</userinput> program
<filename>groups</filename> program. If you wish, you may remove the in <filename>/usr/bin</filename>. If you wish, you can remove the one
<filename>groups</filename> program installed by the Shadow Password installed by Shadow:</para>
Suite:</para>
<para><screen><userinput>rm /bin/groups</userinput></screen></para> <para><screen><userinput>rm /bin/groups</userinput></screen></para>
</sect2> </sect2>

View File

@ -3,9 +3,10 @@
<sect2> <sect2>
<title>FHS compliance notes</title> <title>FHS compliance notes</title>
<para>The FHS recommends that we use /var/lib/hwclock, instead of the <para>The FHS recommends that we use <filename>/var/lib/hwclock</filename>,
usual /etc, as the location of the adjtime file. To make hwclock instead of the usual <filename>/etc</filename>, as the location for the
FHS-compliant, run the following:</para> <filename>adjtime</filename> file. To make the <userinput>hwclock</userinput>
program FHS-compliant, run the following:</para>
<para><screen><userinput>cp hwclock/hwclock.c{,.backup} <para><screen><userinput>cp hwclock/hwclock.c{,.backup}
sed 's%etc/adjtime%var/lib/hwclock/adjtime%' \ sed 's%etc/adjtime%var/lib/hwclock/adjtime%' \
@ -17,18 +18,23 @@ mkdir -p /var/lib/hwclock</userinput></screen></para>
<sect2> <sect2>
<title>Installation of Util-linux</title> <title>Installation of Util-linux</title>
<para>Prepare Util-linux to be compiled:</para> <para>Prepare Util-linux for compilation:</para>
<para><screen><userinput>./configure</userinput></screen></para> <para><screen><userinput>./configure</userinput></screen></para>
<para>Continue with compiling the package:</para> <para>Compile the package:</para>
<para><screen><userinput>make HAVE_SLN=yes</userinput></screen></para> <para><screen><userinput>make HAVE_SLN=yes</userinput></screen></para>
<para>The <emphasis>HAVE_SLN</emphasis> option prevents this package, <para>The meaning of the make parameter:</para>
which was already was installed by Glibc, from being built again.</para> <itemizedlist>
<listitem><para><userinput>HAVE_SLN=yes</userinput>: This prevents the
<userinput>sln</userinput> program (a statically linked
<userinput>ln</userinput>, already installed by Glibc) from being built
again.</para></listitem>
</itemizedlist>
<para>Finish installing the package:</para> <para>And install the package:</para>
<para><screen><userinput>make HAVE_SLN=yes install</userinput></screen></para> <para><screen><userinput>make HAVE_SLN=yes install</userinput></screen></para>