mirror of
https://git.linuxfromscratch.org/lfs.git
synced 2025-07-10 22:34:21 +01:00
neatened text of chapter 6 util-linux and shadow
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2678 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
This commit is contained in:
parent
1f304328b4
commit
8a0d0eb26a
@ -9,11 +9,13 @@ regarding passwords, such as how to enable the more secure MD5 passwords
|
|||||||
and how to get the most out of this Shadow package. The Shadow hint can
|
and how to get the most out of this Shadow package. The Shadow hint can
|
||||||
be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>
|
be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>
|
||||||
|
|
||||||
<para>Programs like login, shutdown, uptime, and others want to read
|
<para>The <userinput>login</userinput>, <userinput>getty</userinput> and
|
||||||
from and to the /var/run/utmp, /var/log/btmp and /var/log/wtmp. These
|
<userinput>init</userinput> programs (and some others) maintain a number
|
||||||
files contain information about who is currently logged in. They also
|
of logfiles to record who are and who were logged in to the system. These
|
||||||
contain information about when the conmputer was last booted and
|
programs, however, don't create these logfiles when they don't exist, so if
|
||||||
shutdown and a record of bas login attempts.</para>
|
you want this logging to occur you will have to create the files yourself.
|
||||||
|
To let the Shadow package (that is installed next) detect these files in their
|
||||||
|
proper place, create them now, with their proper permissions:</para>
|
||||||
|
|
||||||
<para>Create these files with their proper permissions by running the
|
<para>Create these files with their proper permissions by running the
|
||||||
following commands:</para>
|
following commands:</para>
|
||||||
@ -21,77 +23,80 @@ following commands:</para>
|
|||||||
<para><screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
|
<para><screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
|
||||||
chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen></para>
|
chmod 644 /var/run/utmp /var/log/{btmp,lastlog,wtmp}</userinput></screen></para>
|
||||||
|
|
||||||
<para>Shadow hard-codes the path to the passwd binary within itself, but
|
<para>The <filename>/var/run/utmp</filename> file lists the users that are
|
||||||
it does it the wrong way. If no passwd binary is present before
|
currently logged in, the <filename>/var/log/wtmp</filename> file who
|
||||||
installing Shadow, it (wrongly) assumes that it will be at /bin/passwd,
|
<emphasis>were</emphasis> logged in and when.
|
||||||
but then installs its own in /usr/bin/passwd. This will lead to strange
|
The <filename>/var/log/lastlog</filename> file shows for each user when he
|
||||||
errors about not finding /bin/passwd. To fix workaround this bug in
|
or she last logged in, and the <filename>/var/log/btmp</filename> lists the
|
||||||
Shadow, we'll create a dummy passwd file so that it gets hardcoded in
|
bad login attempts.</para>
|
||||||
the right place:</para>
|
|
||||||
|
<para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary
|
||||||
|
within the binary itself, but does this the wrong way. If before installing
|
||||||
|
Shadow no <userinput>passwd</userinput> binary is present , the package wrongly
|
||||||
|
assumes it is going to be located at <filename>/bin/passwd</filename>,
|
||||||
|
but then installs it in <filename>/usr/bin/passwd</filename>. This will lead
|
||||||
|
to weird errors about not finding <filename>/bin/passwd</filename>. To work
|
||||||
|
around this bug, create a dummy <filename>passwd</filename> file,
|
||||||
|
so that it gets hard-wired properly:</para>
|
||||||
|
|
||||||
<para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para>
|
<para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para>
|
||||||
|
|
||||||
<para>Prepare Shadow to be compiled:</para>
|
<para>Now prepare Shadow for compilation:</para>
|
||||||
|
|
||||||
<para><screen><userinput>./configure --prefix=/usr --libdir=/usr/lib \
|
<para><screen><userinput>./configure --prefix=/usr --libdir=/usr/lib --enable-shared</userinput></screen></para>
|
||||||
--enable-shared</userinput></screen></para>
|
|
||||||
|
|
||||||
<para>Continue with compiling the package:</para>
|
<para>Compile the package:</para>
|
||||||
|
|
||||||
<para><screen><userinput>make</userinput></screen></para>
|
<para><screen><userinput>make</userinput></screen></para>
|
||||||
|
|
||||||
<para>Install the package:</para>
|
<para>And install it:</para>
|
||||||
|
|
||||||
<para><screen><userinput>make install</userinput></screen></para>
|
<para><screen><userinput>make install</userinput></screen></para>
|
||||||
|
|
||||||
<para>Shadow uses two files to configure authentication settings for
|
<para>Shadow uses two files to configure authentication settings for the
|
||||||
the system. Install those config files:</para>
|
system. Install these two config files:</para>
|
||||||
|
|
||||||
<para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>
|
<para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>
|
||||||
|
|
||||||
<para><filename class="directory">/var/spool/mail</filename> is the
|
<para>In the old days <filename class="directory">/var/spool/mail</filename>
|
||||||
old location of the user mailboxes. The location that is used nowadays
|
was the location for the user mailboxes, but nowadays <filename
|
||||||
is /var/mail. Issue the following command to modify the mailbox
|
class="directory">/var/mail</filename> is used. Change the default mailbox
|
||||||
location:</para>
|
location in the relevant configuration file while copying it to its
|
||||||
|
destination:</para>
|
||||||
|
|
||||||
<para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
|
<para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
|
||||||
etc/login.defs.linux > /etc/login.defs</userinput></screen></para>
|
etc/login.defs.linux > /etc/login.defs</userinput></screen></para>
|
||||||
|
|
||||||
<para>According to the manpage of <userinput>vipw</userinput>,
|
<para>According to the man page of <userinput>vipw</userinput>, a
|
||||||
a <userinput>vigr</userinput> symlink should exist. Because the
|
<userinput>vigr</userinput> program should exist too. Since the installation
|
||||||
shadow installation procedure doesn't create this symlink, it
|
procedure doesn't create this program, create a symlink manually:</para>
|
||||||
must be created manually:</para>
|
|
||||||
|
|
||||||
<para><screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen></para>
|
<para><screen><userinput>ln -s vipw /usr/sbin/vigr</userinput></screen></para>
|
||||||
|
|
||||||
<para>The <filename>vipw</filename> link is currently pointing
|
<para>As the <filename>/bin/vipw</filename> symlink is redundant (and even
|
||||||
to a non-existing file. Since this file isn't needed here, remove
|
pointing to a non-existent file), remove it:</para>
|
||||||
it:</para>
|
|
||||||
|
|
||||||
<para><screen><userinput>rm /bin/vipw</userinput></screen></para>
|
<para><screen><userinput>rm /bin/vipw</userinput></screen></para>
|
||||||
|
|
||||||
<para>Move the <userinput>sg</userinput> program to the
|
<para>Now move the <userinput>sg</userinput> program to its proper place:</para>
|
||||||
<filename class="directory">/usr/bin</filename> directory:</para>
|
|
||||||
|
|
||||||
<para><screen><userinput>mv /bin/sg /usr/bin</userinput></screen></para>
|
<para><screen><userinput>mv /bin/sg /usr/bin</userinput></screen></para>
|
||||||
|
|
||||||
<para>Move Shadow's dynamic libraries to a more appropriate location:</para>
|
<para>And move Shadow's dynamic libraries to a more appropriate location:</para>
|
||||||
|
|
||||||
<para><screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen></para>
|
<para><screen><userinput>mv /usr/lib/lib{shadow,misc}.so.0* /lib</userinput></screen></para>
|
||||||
|
|
||||||
<para>The libraries have been moved, but some packages expect to
|
<para>As some packages expect to find the just-moved libraries in
|
||||||
find them in them in the
|
<filename>/usr/lib</filename>, create the following symlinks:</para>
|
||||||
<filename class="directory">/usr/lib</filename> directory. To account
|
|
||||||
for this, create the following symlinks:</para>
|
|
||||||
|
|
||||||
<para><screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
|
<para><screen><userinput>ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
|
||||||
ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen></para>
|
ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</userinput></screen></para>
|
||||||
|
|
||||||
<para>Sh-utils and Shadow Password Suite each install a unique
|
<para>Coreutils has already installed a <userinput>groups</userinput> program
|
||||||
<filename>groups</filename> program. If you wish, you may remove the
|
in <filename>/usr/bin</filename>. If you wish, you can remove the one
|
||||||
<filename>groups</filename> program installed by the Shadow Password
|
installed by Shadow:</para>
|
||||||
Suite:</para>
|
|
||||||
|
|
||||||
<para><screen><userinput>rm /bin/groups</userinput></screen></para>
|
<para><screen><userinput>rm /bin/groups</userinput></screen></para>
|
||||||
|
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
|
@ -3,9 +3,10 @@
|
|||||||
<sect2>
|
<sect2>
|
||||||
<title>FHS compliance notes</title>
|
<title>FHS compliance notes</title>
|
||||||
|
|
||||||
<para>The FHS recommends that we use /var/lib/hwclock, instead of the
|
<para>The FHS recommends that we use <filename>/var/lib/hwclock</filename>,
|
||||||
usual /etc, as the location of the adjtime file. To make hwclock
|
instead of the usual <filename>/etc</filename>, as the location for the
|
||||||
FHS-compliant, run the following:</para>
|
<filename>adjtime</filename> file. To make the <userinput>hwclock</userinput>
|
||||||
|
program FHS-compliant, run the following:</para>
|
||||||
|
|
||||||
<para><screen><userinput>cp hwclock/hwclock.c{,.backup}
|
<para><screen><userinput>cp hwclock/hwclock.c{,.backup}
|
||||||
sed 's%etc/adjtime%var/lib/hwclock/adjtime%' \
|
sed 's%etc/adjtime%var/lib/hwclock/adjtime%' \
|
||||||
@ -17,18 +18,23 @@ mkdir -p /var/lib/hwclock</userinput></screen></para>
|
|||||||
<sect2>
|
<sect2>
|
||||||
<title>Installation of Util-linux</title>
|
<title>Installation of Util-linux</title>
|
||||||
|
|
||||||
<para>Prepare Util-linux to be compiled:</para>
|
<para>Prepare Util-linux for compilation:</para>
|
||||||
|
|
||||||
<para><screen><userinput>./configure</userinput></screen></para>
|
<para><screen><userinput>./configure</userinput></screen></para>
|
||||||
|
|
||||||
<para>Continue with compiling the package:</para>
|
<para>Compile the package:</para>
|
||||||
|
|
||||||
<para><screen><userinput>make HAVE_SLN=yes</userinput></screen></para>
|
<para><screen><userinput>make HAVE_SLN=yes</userinput></screen></para>
|
||||||
|
|
||||||
<para>The <emphasis>HAVE_SLN</emphasis> option prevents this package,
|
<para>The meaning of the make parameter:</para>
|
||||||
which was already was installed by Glibc, from being built again.</para>
|
<itemizedlist>
|
||||||
|
<listitem><para><userinput>HAVE_SLN=yes</userinput>: This prevents the
|
||||||
|
<userinput>sln</userinput> program (a statically linked
|
||||||
|
<userinput>ln</userinput>, already installed by Glibc) from being built
|
||||||
|
again.</para></listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<para>Finish installing the package:</para>
|
<para>And install the package:</para>
|
||||||
|
|
||||||
<para><screen><userinput>make HAVE_SLN=yes install</userinput></screen></para>
|
<para><screen><userinput>make HAVE_SLN=yes install</userinput></screen></para>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user